I would like to authenticate users against the system’s UNIX password file and then return attributes based on the UNIX group the user belongs to.
Will the following work?

Thanks!

-Neil

Example Config:

##### In the radius.cfg file...

####
# Client Definitions
####

<Client 192.168.5.1/32>
    Identifier CiscoRouter
    Secret Shhhh1!
</Client>

<Client 192.168.10.2/32>
    Identifier WirelessController
    Secret Shhhh2!
</Client>

####
# AuthBy Clauses
####

<AuthBy UNIX>
    Identifier System
    Filename /etc/shadow
    Nocache
</AuthBy>

####
# Realms
####

<Realm DEFAULT>
    <AuthBy FILE>
    </AuthBy>
</Realm>

#### In the users file ....

# Allow non-admin access to Cisco Routers
DEFAULT Auth-Type = System, Client-Identifier = CiscoRouter, Group = CiscoRouterUsers
    # Return NON enabled privileges attributes

# Allow admin access to Cisco Routers
DEFAULT Auth-Type = System, Client-Identifier = CiscoRouter, Group = CiscoRouterAdmins
    # Return ENABLED privileges attributes
    AddToReply Session-Timeout=0,cisco-avpair=shell:roles="network-admin"

# Allow non-admin access to Wireless Controller
DEFAULT Auth-Type = System, Client-Identifier = WirelessController, Group = WirelessUsers
    # Return NON enabled privileges attributes

# Allow admin access to Wireless Controller
DEFAULT Auth-Type = System, Client-Identifier = WirelessController, Group = WirelessAdmins
    # Return enabled privileges attributes
    AddToReply Session-Timeout=0,Callback-Number=admin

... etc.

--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
E-Mail: neil-john...@uiowa.edu