--- Forwarded mail from [EMAIL PROTECTED]
Date: Thu, 1 Jun 2000 15:10:14 +1000 (EST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from [John Hough
<[EMAIL PROTECTED]>]
>From mikem Thu Jun 1 15:10:10 2000
Received: by oscar.open.com.au (8.9.0/8.9.0) id PAA02425;
Thu, 1 Jun 2000 15:10:09 +1000 (EST)
Received: from mail.postalzone.com (mail.postalzone.com [216.228.64.8]) by
perki.connect.com.au with ESMTP id PAA21530
(8.8.8/IDA-1.7); Thu, 1 Jun 2000 15:08:34 +1000 (EST)
Received: from localhost (jbh@localhost)
by mail.postalzone.com (8.8.8/8.8.8) with ESMTP id WAA21861;
Wed, 31 May 2000 22:08:32 -0700 (PDT)
Date: Wed, 31 May 2000 22:08:32 -0700 (PDT)
From: John Hough <[EMAIL PROTECTED]>
To: Hugh Irvine <[EMAIL PROTECTED]>
cc: "Jeremy C. Reed" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: (RADIATOR) trying to use hooks getProfiles
In-Reply-To: <0006010742440U.05261@hugo>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hugh,

Back several months ago we had this same discussion and I passed our
emails on to Jeremy (he works for me). Our configuration has several
hundred realms on a centralized Radius server; we support local
authentication via flat file and proxying the radius request to remote
servers for some of our dealers. In this scenario would your
recommendation still apply, or is it back to the <Client ...> tag as in the
emails in which we discussed this? Being able to support several
different NAS devices is appealing to us, especially if we can provide
support for their Vendor attributes as needed based on where the request
is coming from.

John Hough

On Thu, 1 Jun 2000, Hugh Irvine wrote:
>
> Hello Jeremy -
>
> On Thu, 01 Jun 2000, Jeremy C. Reed wrote:
> > On Wed, 31 May 2000, Hugh Irvine wrote:
> >
> > > On Wed, 31 May 2000, Jeremy C. Reed wrote:
> > > > I want to add attributes if it comes from a certain client. So I added an
> > > >
> > > > Identifier web
> > > > to my testing clients (in the <Client> containers).
> > > >
> > > > My test config has:
> > > >
> > > > DefineGlobalVar ProfileDefsFilename %D/etc/profile.def
> > > > StartupHook file:"%D/hooks/getProfiles"
> > > >
> > > > and:
> > > >
> > > > <Realm iwbc>
> > > > AcctLogFileName /usr/adm/radacct/%C/detail
> > > > <AuthBy FILE>
> > > > Filename %D/users/iwbc.users
> > > > DefaultReply Service-Type=Framed,Framed-Protocol=PPP,\
> > > > Framed-IP-Netmask=255.255.255.255,Framed-Routing=None,\
> > > > Framed-Compression=Van-Jacobson-TCP-IP,Framed-MTU=1500
> > > > PostAuthHook file:"%D/hooks/replaceProfiles"
> > > > </AuthBy>
> > > > </Realm>
> > > >
> > > >
> > > > My etc/profile.def contains:
> > > >
> > > > Tigris:web:ACC-Ip-Pool-Name="spiretech",ACC-DNS-Server-Pri=216.228.70.2,ACC-DNS-Server-Sec=216.228.65.6
> > > >
> > > > I can't seem to figure out how to get replaceProfiles to work. I want
> > > > these attributes added:
> > > >
> >
> > I didn't explain myself very well. "web" is the name of the client that I
> > am using for testing (it is not a NAS but a webserver running
> > radpwtst). Tigris was just a made-up profile name -- because I didn't
> > understand what it meant. When I have it working, "Tigris" will also be
> > the Identifier.
> >
> > > with the user record containing Profile = web (as a web-only user?) and the
> > > Client Identifier set to Tigris (i.e. these are the attributes that we have to
> > > set for a Tigris NAS).
> >
> > So I added this "Profile" to my user record. But what if I want it to
> > apply to all users (and all realms)? Do I have to add it to every user
> > record?
> >
> > Now I am noticing an error message:
> >
> > Wed May 31 10:12:43 2000: ERR: Unknown keyword '%D/hooks/replaceProfiles'
> > in /usr/local/radiator/etc/radiator.cfg line 5408
> >
> > Then when I changed (the realm container as shown above) to not have
> > quotes:
> > PostAuthHook file:%D/hooks/replaceProfiles
> > I receive this error instead:
> >
> > Wed May 31 10:14:09 2000: ERR: Unknown keyword 'PostAuthHook' in
> > /usr/local/radiator/etc/radiator.cfg line 5408
> >
> > (I turned up the debugging to 4, but no additional messages about the
> > above error. It did report the debugging message for
> > setVariable in the getProfiles message.)
> >
> > Any ideas?
> >
>
> Well, I actually think that using a different approach might be simpler, as the
> getProfile/replaceProfile is really aimed at a specific requirement where the
> users do have service-type profiles.
>
> In your case I would be inclined to add a default realm in the Client in
> question and then use a <Realm ....> clause with AddToReply (or a Handler in
> the same way).
>
> Something like this:
>
> <Client your.web.server>
> Secret .....
> DefaultRealm web.iwbc
> </Client>
>
> <Realm web.iwbc>
> ......
> </Realm>
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
---End of forwarded mail from [EMAIL PROTECTED]
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
2000, NT, MacOS X
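
The DefaultRealm/AddToReply approach suggested in the quoted reply, filled in as an added example (not code from the thread or from the Radiator distribution). The secret is a placeholder, and reusing the iwbc users file for the web.iwbc realm is an assumption; the reply attributes are the ones from the profile.def line quoted above.

```conf
# Added example. Values marked "assumed" or "placeholder" are not from the thread.
<Client your.web.server>
    # Placeholder: use a long random secret that no other client shares.
    Secret CHANGE-ME-PLACEHOLDER
    Identifier web
    # Applied only when the User-Name arrives without a realm of its own.
    DefaultRealm web.iwbc
</Client>

<Realm web.iwbc>
    AcctLogFileName /usr/adm/radacct/%C/detail
    <AuthBy FILE>
        # Assumed: authenticate against the same flat file as the iwbc realm.
        Filename %D/users/iwbc.users
        DefaultReply Service-Type=Framed,Framed-Protocol=PPP
        # Vendor attributes for this client, taken from the quoted profile.def line.
        AddToReply ACC-Ip-Pool-Name="spiretech",ACC-DNS-Server-Pri=216.228.70.2,ACC-DNS-Server-Sec=216.228.65.6
    </AuthBy>
</Realm>
```

Since DefaultRealm only covers usernames sent without a realm, a request from this client for user@realm is still handled by that realm's own clause and does not pick up these attributes.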