Hello Dan -
On Wed, 12 Jul 2000, -=X=- wrote:
> Hello
>
> I've looked through the archive list and haven't found the exact answer
> I'm looking for :-) so I'll try here.
>
> I'm using Radiator 2.16.1 on a FreeBSD 3.4 (soon to be 3.5 stable as soon
> as I cvsup) machine.
>
> The question I have is with the users file. On the old version of radius
> we had (it was some hacked together program of an older, other version of
> radius that I am not even sure what it was) our users file looked like
> this:
>
> DEFAULT Password = "UNIX", Sessions = 1
>         User-Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Address = 255.255.255.254,
>         Framed-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-Compression = None,
>         Framed-MTU = 1500,
>         Port-Limit = 1,
>         Idle-Timeout = 900,
>         Session-Timeout = 21600
>
> testuser Password = "UNIX"
>         Framed-Address = 10.10.10.1,
>         Port-Limit = 2
>
>
> So if testuser logged in, she would be authenticated via this file, rather
> than just checking the password database. The only reason we do this is
> because, for example, testuser is an ISDN customer so they get dual
> channel and a static IP address. Those are the only two settings that
> change, and the other DEFAULT settings get sent along too, and everything
> is good.
>
> You'll notice the Password = "UNIX" line too, this means that to get the
> password for the user, check the /etc/master.password file. This way you
> don't have to have clear text in the file.
>
>
> Radiator had a different format, and I have it set up like this:
>
> DEFAULT Auth-Type = System, Service-Type = Framed-User
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-Compression = None,
>         Framed-MTU = 1500,
>         Port-Limit = 1,
>         Idle-Timeout = 900,
>         Session-Timeout = 21600
>
> testuser Password = "UNIX"
>         Framed-IP-Address = 10.10.10.1,
>         Port-Limit = 2
>
>
> My questions are:
>
> 1. I don't think the Password = "UNIX" will work, will it? I have to
> either put the plain text in there, or use the encrypted password. Is
> there a way to get it to check the master.passwd file? If not, what is the
> format for putting the password in for a FreeBSD based master.password
> file?
>
For the "testuser" above (and any other user in this situation), you will have
to change the definition in the same way as for DEFAULT:

testuser Auth-Type = System
        Framed-Address = 10.10.10.1,
        Port-Limit = 2

This will check the password using the AuthBy clause with
the Identifier System.

> 2. Does everything look OK with that default users file? I have been
> having issues with my Cisco AS5800, but going through the archive list has
> helped me solve some of them. I was able to connect, but of course I had
> to have the plain text password file in there. I also added this to my
> radius.cfg and it seemed to work:
>
> <Realm DEFAULT>
> <AuthBy FILE>
> Filename /usr/adm/radius/users
> AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
> </AuthBy>
> <AuthBy UNIX>
> Identifier System
> Filename /etc/master.passwd
> AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
> </AuthBy>
>
>
> Thanks for the help! Looking to start using Radiator as soon as possible
> and get off the older version we have :-)
>
The Realm DEFAULT above is a bit confusing, as the AuthBy UNIX will be called
twice. As a general rule, it is preferable to define your AuthBy clauses first
with Identifiers, then refer to them in your Realms and so on by Identifier.
This makes configuration files *much* easier to understand.

# Define AuthBy's first with Identifiers for later use
<AuthBy FILE>
        Identifier Check_FILE
        Filename /usr/adm/radius/users
        AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
</AuthBy>

<AuthBy UNIX>
        Identifier System
        Filename /etc/master.passwd
        AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
</AuthBy>

# Now define Realm(s) and/or Handlers
<Realm DEFAULT>
        AuthBy Check_FILE
</Realm>

hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
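
[Added example, not part of the message above and not Radiator code: a Python sketch that rewrites an old-format users file the way the thread describes, turning Password = "UNIX" into Auth-Type = System and listing entries that would still keep a literal password in the file. The function name convert, the sample data and the user labuser are assumptions made for illustration; the attribute renames are the ones visible in the two quoted users files.]

```python
import re

# Attribute renames and the Password = "UNIX" -> Auth-Type change are the ones
# visible in the users files quoted in the thread; nothing else is rewritten.
RENAMES = {
    "User-Service-Type": "Service-Type",
    "Framed-Address": "Framed-IP-Address",
    "Framed-Netmask": "Framed-IP-Netmask",
}
RENAME_RE = re.compile(
    r"(?<![\w-])(" + "|".join(map(re.escape, RENAMES)) + r")(?![\w-])")
PASSWORD_RE = re.compile(r'(?<![\w-])Password\s*=\s*"([^"]*)"')

# Constructed sample in the old layout; labuser and its password are invented.
SAMPLE = '''DEFAULT Password = "UNIX"
\tUser-Service-Type = Framed-User,
\tFramed-Address = 255.255.255.254,
\tFramed-Netmask = 255.255.255.255,
\tPort-Limit = 1

testuser Password = "UNIX"
\tFramed-Address = 10.10.10.1,
\tPort-Limit = 2

labuser Password = "s3cret"
\tPort-Limit = 1
'''

def convert(text, identifier="System"):
    """Return (converted_text, users_still_holding_a_literal_password)."""
    out, flagged = [], []
    for line in text.splitlines():
        # An entry starts in column 0; reply items are indented continuations.
        if line and not line[0].isspace() and not line.startswith("#"):
            match = PASSWORD_RE.search(line)
            if match and match.group(1) == "UNIX":
                line = PASSWORD_RE.sub("Auth-Type = " + identifier, line)
            elif match:
                flagged.append(line.split(None, 1)[0])
        out.append(RENAME_RE.sub(lambda m: RENAMES[m.group(1)], line))
    return "\n".join(out) + "\n", flagged

if __name__ == "__main__":
    converted, flagged = convert(SAMPLE)
    print(converted)
    print("literal passwords remain for:", ", ".join(flagged) or "none")
```

The identifier argument must match the Identifier of the AuthBy UNIX clause in radius.cfg (System in this thread).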