(RADIATOR) Platypus 3.0 & Radiator questions.

Robert G. Fisher rfisher at mail.neocom.net
Wed May 30 11:53:56 CDT 2001 

I'm working on setting up Radiator 1.18.1 to authenticate
from a Platypus 3.0 system.  I've installed the db script
from Boardtown to bring in the RadiusNT objects and used
their sample configuration file which uses the EMERALD
AuthBy module.

Currently I'm using Cistron, and this is a big switch because
the PHBs would like to have this integrate with the NT systems.

The issues that I'm trying to understand how I can implement
are as follows:

1)  While the DB stores a field for AccountType such as
    'PPP', 'SLIP', 'ISDN', etc -- this is only checked
    against the DNISGroups.  What I'd prefer to do is
    to have this check against NAS-Port-Type.

    Currently, instead of requiring a check item of 
    NAS-Port-Type=Async, I use fall throughs to allow
    for users to pass the NAS-Port-Type checks, then
    I list a series of checks for values of Sync (ascend foo),
    ISDN, ISDN-V110, and ISDN-V120 to return an Auth-Type
    Reject.

    I'd prefer to not have to write a new module to handle
    this one issue, so I was wondering if anyone had figured
    out how to do this either via a change of the AuthSelect
    statement or via a hook -- though I don't know how I'd
    pass values from the db query to the hook.

2)  Both the Emerald and Platypus modules state that Platypus
    sticks Simultaneous-Use to 1 -- however, with the current
    db changes out there, there is a field for maxsession for
    each account that, while it defaults to 1, can be any int
    value -- is the warning in the module simply out dated?

3)  I'm used to using snmpget and finger for radcheck from
    Cistron on a Linux box, but will be running Radiator on
    NT and W2K machines due to ODBC support -- does anyone
    know of a SNMP suite and finger utility that will work
    on NT as a replacement?

4)  The RadiusNT window in Platypus doesn't allow me to specify
    the response items based on the type of NAS, could anyone
    show me an example of how to do this -- for instance, I'd
    really like to have a way to return the avpairs of 
    Session-Timeout, Idle-Timeout, and Port-Limit to our non
    Ascend equipment, and then Ascend-Maximum-Time, 
    Ascend-Idle-Limit, and Ascend-Maximum-Channels.  Could this
    be done with an extension of AuthSelect to match up the
    NASType field from the server tables and then to add values,
    or what'd be real nifty to match up Ascend entries and then
    convert any of the above av pairs to the Ascend versions.

5)  Also, I'd like to use Simultaenous-Use checks, but only on
    specific NAS boxes -- or at least, to be able to exclude
    servers of a particular type -- which would mean the roaming
    or proxy clients listed in my servers table as I'd have no
    way to verify if a connection entry was valid or invalid.
    
-- 
Robert G. Fisher                  Sitestar.net, Inc. 
Senior System Engineer            (540) 666-9533 x 116
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list