(RADIATOR) Fall-Through entries with AuthEMERALD???

Hugh Irvine hugh at open.com.au
Mon Jun 4 16:43:24 CDT 2001 

Hello Robert -

I would suggest that you change the entries below to something like this:

# this is the users file refered to by the configuration file

DEFAULT User-Name=user, NAS-IP-Address=x.x.x.x, Auth-Type=System
         Framed-IP-Address = 1.2.3.4

DEFAULT User-Name=user, NAS-IP-Address=y.y.y.y, Auth-Type=System
         Framed-IP-Address = 5.6.7.8

DEFAULT  Auth-Type=System

......


Then your configuration file would contain this:

....

# define AuthBy clauses with Identifiers

<AuthBy EMERALD>
	Identifier System
	.......
	AddToReply  Service-Type = Framed-User, \
	Framed-Protocol = PPP, \
	Framed-Compression = Van-Jacobson-TCP-IP, \
	Framed-IP-Netmask = 255.255.255.255, \
	...
</AuthBy>

<AuthBy FILE>
	Identifier CheckUsers
	Filename %L/users
</AuthBy>

# define Realms or Handlers

<Realm ....>
	.....
	AuthBy CheckUsers
	....
</Realm>

.....


hth

Hugh


On Monday 04 June 2001 22:54, Robert G. Fisher wrote:
> I'm in the process of switching from Cistron to Radiator
> using AuthEMERALD to authenticate against my database
> which is maintained by Platypus 3.0.
>
> One issue that I'm running into that I have yet to understand
> how to resolve is the case of fall-through entries for the
> user.
>
> Currently I have entries like:
>
> user	Auth-Type=System, NAS-IP-Address=x.x.x.x
> 	Framed-IP-Address = 1.2.3.4,
> 	Fall-Through = 1
>
> user	Auth-Type=System, NAS-IP-Address=y.y.y.y
> 	Framed-IP-Address = 5.6.7.8,
> 	Fall-Through = 1
>
> DEFAULT	Auth-Type=System, Hint = PPP
> 	Service-Type = Framed-User,
> 	Framed-Protocol = PPP,
> 	Framed-Compression = Van-Jacobson-TCP-IP,
> 	Framed-IP-Netmask = 255.255.255.255,
> 	...
> 	Fall-Through = 0
>
>
> The reason for assigning two static IPs is I have some
> equipment that needed a way of tracking the user no
> matter where they logged in and not all equipment is
> within the same subnet range.  Also, I have customers
> that will connect to one piece of equipment from their
> office and expect a static IP while there -- which requires
> a connection to a specific NAS on our side, but also
> wish to be able to connect to any of our NAS or any
> device doing proxy auth against our radius server and
> be assigned an IP that would work on that NAS.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list