Hello Valentin -
On Tuesday 30 January 2001 06:41, Valentin Tumarkin wrote:
> Hi,
>
> I need to implement radiator configuration where for a some users
> (~5k) after the user authentication (using AuthBy LDAPSDK)
> AuthBy PORTLIMITCHECK and/or AuthBy DYNADDRESS is executed.
>
> Is it ok to use Auth-Type attribute in the user LDAP entry (using
> AuthAttrdef mapping) to define additional authentication checks
> for a user ?
>
>
> Example:
>
> <AuthBy LDAPSDK>
> Identifier LDAP_GetGroupAttr
> .....
> </AuthBy>
>
> <AuthBy PORTLIMITCHECK>
> Identifier MyPORTLIMITCHECK
> .......
> </AuthBy>
>
> <AuthBy DYNADDRESS>
> Identifier MyDYNADDRESS
> ......
> </AuthBy>
>
> # Called for Additional Auth
> <AuthBy GROUP>
> Identifier ExtendedAuth
> ......
> AuthByPolicy ContinueWhileAccept
> AuthBy LDAP_GetGroupAttr
> AuthBy MyPORTLIMITCHECK
> AuthBy MyDYNADDRESS
> ......
> </AuthBy>
>
> # Initial auth for all the users
> <AuthBy LDAPSDK>
> Identifier BasicAuth
> ......
> # Get additional auth Identifier (if defined)
> AuthAttrDef AuthType, Auth-Type, Check
> </AuthBy>
>
> # Handler for all the users
> <Handler>
> .......
> AuthBy BasicAuth
> .......
> </Handler>
>
The above should work just fine.
If you have multiple check items, you could also use a GENERIC check:
ie. - an LDAP field called CheckAttr with the following:
AuthAttrDef CheckAttr, GENERIC, check
The CheckAttr field would contain something like this:
....., Auth-Type = ExtendedAuth, ...
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
