(RADIATOR) Shells.

Hugh Irvine hugh at open.com.au
Thu Oct 4 18:29:47 CDT 2001


Hello Ricky -

In the file that you use for the AuthBy FILE (%D/users) you could simply add 
those users that you want to lock out like this:

# %d/users

user1	Password = *

......


hth

Hugh


On Friday 05 October 2001 01:06, ricky wrote:

> > Guys,
>
> I noticed a couple of years back someone asked for the ability to check a
> users shell for authentication.
>
> I am migrating from Merit and as such I have used what shell the customer
> had in the passwd file to lock them out if they had not payed.
>
> I guess I can assume that this is not possible with Radiator as there is
> nothing in the manual or many questions in the archive.
>
> How can I make this work another way. I am using AuthBy UNIX and FILE
> aready.
>
> Thanks
>
> Rick
>
>
>
> Foreground
> LogStdout
> LogDir          /usr/local/radius/logs
> DbDir           /usr/local/radius/raddb
> # User a lower trace level in production systems:
> Trace           4
>
> SnmpgetProg     /usr/bin/snmpget
> FingerProg      /usr/bin/finger
> AuthPort        1645
> AcctPort        1646
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client monty.caboolture.net.au>
>         Secret  xxx
>         NasType Bay8000SNMP
>         DupInterval 0
>         IgnoreAcctSignature
> </Client>
>
> <Client monty1.caboolture.net.au>
>         Secret  xxx
>         NasType Bay
>         IgnoreAcctSignature
>         DupInterval 0
> </Client>
>
> <Client 127.0.0.1>
>         Secret  xxx
>         DupInterval 0
> </Client>
>
>
> <AuthBy UNIX>
>         Identifier System
>         Filename /etc/shadow
> </AuthBy>
>
> <AuthBy FILE>
>         Identifier CheckUsers
>         Filename %D/users
> </AuthBy>
>
> <AuthLog FILE>
>         Identifier myauthlogger
>         Filename %L/authlog
>         LogSuccess 1
>         LogFailure 1
> </AuthLog>
>
> <Realm DEFAULT>
>         AuthBy CheckUsers
>         AuthLog myauthlogger
>
>         # Log accounting to a detail file
>         AcctLogFileName %L/details
>
> AcctLogFileFormat EXEC sp_ins_rad%{Acct-Status-Type} \
> @login_time='%Y-%m-%d %H:%M:%S', \
> @acct_session_id='%{Acct-Session-Id}', \
> @acct_session_time=%{Acct-Session-Time}, \
> @acct_input_packets=%{Acct-Input-Packets}, \
> @acct_output_packets=%{Acct-Output-Packets}, \
> @acct_input_octets=%{Acct-Input-Octets}, \
> @acct_output_octets=%{Acct-Output-Octets}, \
> @acct_terminate_cause='%{Acct-Terminate-Cause}', \
> @user_name='%{User-Name}', \
> @nas_ip_address='%{NAS-IP-Address}', \
> @nas_port=%{NAS-Port}, \
> @nas_port_type='%{NAS-Port-Type}', \
> @service_type='%{Service-Type}', \
> @framed_protocol='%{Framed-Protocol}', \
> @acct_authentic='%{Acct-Authentic}', \
> @acct_delay_time=%{Acct-Delay-Time}, \
> @connect_info='%{Connect-Info}', \
> @called_station_id='%{Called-Staton-Id}', \
> @calling_station_id='%{Calling-Station-Id}', \
> @annex_tx_speed='%{Annex-Transmit-Speed}', \
> @annex_rx_speed='%{Annex-Received-Speed}', \
> @framed_ip_address='%{Framed-IP-Address}'
>
> </Realm>

----------------------------------------
Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description: 
----------------------------------------

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list