(RADIATOR) Shells.

John Coy jcoy at anc.net
Thu Oct 4 12:03:19 CDT 2001


Back when I still used file-based authentication, I ran a script
on a regular basis that examined the password file and retrieved
the user shell.  The script then assigned a user to a particular
UNIX-style group based on the value of the shell.  Radiator has
a built-in ability to read from an arbitrary text file for UNIX
group data.  You can then use that group file to create a check-item
in your authentication scheme.

Unfortunately, I don't have an example configuration since I've
migrated over to SQL-based authentication.  I converted the UNIX-style
password file into an SQL database, and my authentication
query is built to consider the shell field during authentication.

Hope that helps.

John
Arkansas.Net

At 01:06 AM 10/5/01 +1000, you wrote:
>Guys,
>
>I noticed a couple of years back someone asked for the ability to check a 
>user's shell for authentication.
>
>I am migrating from Merit and as such I have used what shell the customer 
>had in the passwd file to lock them out if they had not paid.
>
>I guess I can assume that this is not possible with Radiator as there is 
>nothing in the manual or many questions in the archive.
>
>How can I make this work another way? I am using AuthBy UNIX and FILE already.
>
>Thanks
>
>Rick
>
>
>
>Foreground
>LogStdout
>LogDir          /usr/local/radius/logs
>DbDir           /usr/local/radius/raddb
># Use a lower trace level in production systems:
>Trace           4
>
>SnmpgetProg     /usr/bin/snmpget
>FingerProg      /usr/bin/finger
>AuthPort        1645
>AcctPort        1646
># You will probably want to add other Clients to suit your site,
># one for each NAS you want to work with
><Client monty.caboolture.net.au>
>         Secret  xxx
>         NasType Bay8000SNMP
>         DupInterval 0
>         IgnoreAcctSignature
></Client>
>
><Client monty1.caboolture.net.au>
>         Secret  xxx
>         NasType Bay
>         IgnoreAcctSignature
>         DupInterval 0
></Client>
>
><Client 127.0.0.1>
>         Secret  xxx
>         DupInterval 0
></Client>
>
>
><AuthBy UNIX>
>         Identifier System
>         Filename /etc/shadow
></AuthBy>
>
><AuthBy FILE>
>         Identifier CheckUsers
>         Filename %D/users
></AuthBy>
>
><AuthLog FILE>
>         Identifier myauthlogger
>         Filename %L/authlog
>         LogSuccess 1
>         LogFailure 1
></AuthLog>
>
><Realm DEFAULT>
>         AuthBy CheckUsers
>         AuthLog myauthlogger
>
>         # Log accounting to a detail file
>         AcctLogFileName %L/details
>
>AcctLogFileFormat EXEC sp_ins_rad%{Acct-Status-Type} \
>@login_time='%Y-%m-%d %H:%M:%S', \
>@acct_session_id='%{Acct-Session-Id}', \
>@acct_session_time=%{Acct-Session-Time}, \
>@acct_input_packets=%{Acct-Input-Packets}, \
>@acct_output_packets=%{Acct-Output-Packets}, \
>@acct_input_octets=%{Acct-Input-Octets}, \
>@acct_output_octets=%{Acct-Output-Octets}, \
>@acct_terminate_cause='%{Acct-Terminate-Cause}', \
>@user_name='%{User-Name}', \
>@nas_ip_address='%{NAS-IP-Address}', \
>@nas_port=%{NAS-Port}, \
>@nas_port_type='%{NAS-Port-Type}', \
>@service_type='%{Service-Type}', \
>@framed_protocol='%{Framed-Protocol}', \
>@acct_authentic='%{Acct-Authentic}', \
>@acct_delay_time=%{Acct-Delay-Time}, \
>@connect_info='%{Connect-Info}', \
>@called_station_id='%{Called-Station-Id}', \
>@calling_station_id='%{Calling-Station-Id}', \
>@annex_tx_speed='%{Annex-Transmit-Speed}', \
>@annex_rx_speed='%{Annex-Received-Speed}', \
>@framed_ip_address='%{Framed-IP-Address}'
>
></Realm>

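
The kind of script described in the reply above, as an added example (not John's script and not part of the original thread): it reads a passwd(5)-format file and produces group(5)-format lines keyed on each user's shell. The shell allow-list, the group names and the GIDs are assumptions, and the sample input is constructed.

```python
"""Derive UNIX group(5)-style lines from the login shells in passwd(5)-style text."""
from collections import defaultdict

# Assumed site policy: only these shells count as a paid-up, active account.
ACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/ksh"}
GROUP_IDS = {"active": 5000, "suspended": 5001}  # constructed group names and GIDs

# Constructed sample input in passwd(5) format.
SAMPLE_PASSWD = """\
# accounts exported for RADIUS
alice:x:1001:100:Alice:/home/alice:/bin/bash
bob:x:1002:100:Bob:/home/bob:/bin/false
carol:x:1003:100:Carol:/home/carol:
dave:x:1004:100:Dave:/home/dave:/sbin/nologin
broken-line-without-enough-fields
"""


def parse_shells(passwd_text):
    """Yield (user, shell) pairs, skipping comments, blanks and malformed lines."""
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[0]:
            continue  # malformed entry: the user ends up in no group at all
        # passwd(5): an empty shell field means /bin/sh
        yield fields[0], fields[6] or "/bin/sh"


def group_users(passwd_text):
    """Map group name -> sorted member list; unknown shells count as suspended."""
    groups = defaultdict(list)
    for user, shell in parse_shells(passwd_text):
        name = "active" if shell in ACTIVE_SHELLS else "suspended"
        groups[name].append(user)
    return {name: sorted(members) for name, members in groups.items()}


def render_group_file(passwd_text):
    """Return group(5) lines: name:password:gid:comma-separated members."""
    groups = group_users(passwd_text)
    lines = [f"{name}:*:{gid}:{','.join(groups.get(name, []))}"
             for name, gid in sorted(GROUP_IDS.items())]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_group_file(SAMPLE_PASSWD), end="")
```

Accounts with an unrecognised shell land in `suspended`, and malformed lines land in no group, so a check that requires membership of `active` fails closed.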