I am evaluating Radiator and would like to set up authentication using Linux 
usernames and passwords, as well as another type of check to allow access.  For 
instance, check if the user is part of a particular group before having their 
login accepted.  Specifically, I want to limit networking equipment access to 
users in the netadm group.  I am running this on Fedora 12.  Below is my 
simple.cfg for testing.  Everything else works fine, but I am having trouble 
interpreting the documentation for tiered authentication.  Thank you for your 
assistance.



SIMPLE.CFG

Foreground
LogStdout
LogDir          .
DbDir           .
# Use a lower trace level in production systems:
Trace           4

AuthPort        1645,1812
AcctPort        1646,1813

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client>
        Secret  mysecret
        DupInterval 0
</Client>

<Client DEFAULT>
        Secret  mysecret
</Client>

<Realm>
        <AuthBy UNIX>
        Identifier System
        Filename /etc/shadow
        #Filename /etc/passwd
        GroupFilename /etc/group
        # Log accounting to a detail file
        AcctLogFileName /etc/radiator/radiator.log
        <ServerHTTP>
                Port  8100
                DefaultPrivilegeLevel 15
        </ServerHTTP>
</Realm>


Current output, checking the Linux /etc/passwd file; I need to add a group or 
some other type of identifier mechanism to the check.

Tue Apr  3 15:28:12 2012: ERR: Could not resolve an address for Client
Tue Apr  3 15:28:12 2012: ERR: Unknown keyword 'AcctLogFileName' in simple.cfg line 65
Tue Apr  3 15:28:13 2012: DEBUG: Creating StreamServer tcp port 0.0.0.0:8100
Tue Apr  3 15:28:13 2012: DEBUG: Finished reading configuration file 'simple.cfg'
This Radiator license will expire on 2012-08-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact [email protected]
Tue Apr  3 15:28:13 2012: DEBUG: Reading dictionary file './dictionary'
Tue Apr  3 15:28:13 2012: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Apr  3 15:28:13 2012: DEBUG: Creating authentication port 0.0.0.0:1812
Tue Apr  3 15:28:13 2012: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Apr  3 15:28:13 2012: DEBUG: Creating accounting port 0.0.0.0:1813
Tue Apr  3 15:28:13 2012: NOTICE: Server started: Radiator 4.9 on sec-l-adm02 (LOCKED)
Tue Apr  3 15:28:34 2012: DEBUG: Packet dump:
*** Received from 10.2.120.150 port 56193 ....
Code:       Access-Request
Identifier: 64
Authentic:  <131><19><159><26><141><164><247><161>`<143><202>G<202>mA<186>
Attributes:
        User-Name = "robert"
        User-Password = <226>D4<133>#y<153>=<251><186>r<136><14><8><143><147>
        NAS-Port-Id = "ttyS0"
        Service-Type = NAS-Prompt-User
        NAS-Port = 0
        NAS-IP-Address = 10.2.120.150
Tue Apr  3 15:28:34 2012: DEBUG: Handling request with Handler 'Realm=', Identifier ''
Tue Apr  3 15:28:34 2012: DEBUG:  Deleting session for robert, 10.2.120.150, 0
Tue Apr  3 15:28:34 2012: DEBUG: Handling with Radius::AuthUNIX: System
Tue Apr  3 15:28:34 2012: DEBUG: Reading group file /etc/group
Tue Apr  3 15:28:34 2012: DEBUG: Radius::AuthUNIX looks for match with robert [robert]
Tue Apr  3 15:28:34 2012: DEBUG: Radius::AuthUNIX ACCEPT: : robert [robert]
Tue Apr  3 15:28:34 2012: DEBUG: AuthBy UNIX result: ACCEPT,
Tue Apr  3 15:28:34 2012: DEBUG: Access accepted for robert
Tue Apr  3 15:28:34 2012: DEBUG: Packet dump:
*** Sending to 10.2.120.150 port 56193 ....
Code:       Access-Accept
Identifier: 64
Authentic:  k<206><151><250>5<246>p=<23><141>.<197><167><244>Un
Attributes:




Robb Pfrank
Office +1 (312) 601-8647
[email protected]
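
The requirement described in the post (accept a login only when the password check passes and the user is in netadm), as an added example that is not part of the original message and is not Radiator code. It is a Python sketch of the group test over /etc/passwd- and /etc/group-format text; the sample accounts and function names are constructed, and it also counts a user whose primary GID is netadm, which the member list in /etc/group alone does not show.

```python
# Added example; every account and group below is constructed sample data.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
robert:x:500:500:Robert:/home/robert:/bin/bash
alice:x:501:600:Alice:/home/alice:/bin/bash
carol:x:502:502:Carol:/home/carol:/bin/bash
"""
GROUP = """\
root:x:0:
robert:x:500:
netadm:x:600:carol
carol:x:502:
"""

def parse_group(text):
    """Return {group_name: (gid, set of supplementary members)}."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip blank, comment or malformed entries
        name, _pw, gid, members = fields
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def primary_gid(passwd_text, user):
    """Return the user's primary GID from passwd-format text, or None."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] == user and fields[3].isdigit():
            return int(fields[3])
    return None

def in_group(user, group, passwd_text=PASSWD, group_text=GROUP):
    """True if user is a supplementary member or has group as primary GID."""
    groups = parse_group(group_text)
    pgid = primary_gid(passwd_text, user)
    if group not in groups or pgid is None:
        return False  # unknown group or unknown user: fail closed
    gid, members = groups[group]
    return user in members or pgid == gid

def authorize(user, password_ok, group="netadm"):
    """Second tier: both the password check and the group check must pass."""
    return "ACCEPT" if password_ok and in_group(user, group) else "REJECT"
```

With this sample data, robert (the user accepted in the log above) is rejected even with a correct password, because he is neither listed under netadm nor has it as his primary group.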






