(RADIATOR) Shells.
Hugh Irvine
hugh at open.com.au
Thu Oct 4 18:29:47 CDT 2001
Hello Ricky -
In the file that you use for the AuthBy FILE (%D/users) you could simply add
those users that you want to lock out like this:
# %d/users
user1 Password = *
......
hth
Hugh
On Friday 05 October 2001 01:06, ricky wrote:
> > Guys,
>
> I noticed a couple of years back someone asked for the ability to check a
> users shell for authentication.
>
> I am migrating from Merit and as such I have used what shell the customer
> had in the passwd file to lock them out if they had not payed.
>
> I guess I can assume that this is not possible with Radiator as there is
> nothing in the manual or many questions in the archive.
>
> How can I make this work another way. I am using AuthBy UNIX and FILE
> aready.
>
> Thanks
>
> Rick
>
>
>
> Foreground
> LogStdout
> LogDir /usr/local/radius/logs
> DbDir /usr/local/radius/raddb
> # User a lower trace level in production systems:
> Trace 4
>
> SnmpgetProg /usr/bin/snmpget
> FingerProg /usr/bin/finger
> AuthPort 1645
> AcctPort 1646
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client monty.caboolture.net.au>
> Secret xxx
> NasType Bay8000SNMP
> DupInterval 0
> IgnoreAcctSignature
> </Client>
>
> <Client monty1.caboolture.net.au>
> Secret xxx
> NasType Bay
> IgnoreAcctSignature
> DupInterval 0
> </Client>
>
> <Client 127.0.0.1>
> Secret xxx
> DupInterval 0
> </Client>
>
>
> <AuthBy UNIX>
> Identifier System
> Filename /etc/shadow
> </AuthBy>
>
> <AuthBy FILE>
> Identifier CheckUsers
> Filename %D/users
> </AuthBy>
>
> <AuthLog FILE>
> Identifier myauthlogger
> Filename %L/authlog
> LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> <Realm DEFAULT>
> AuthBy CheckUsers
> AuthLog myauthlogger
>
> # Log accounting to a detail file
> AcctLogFileName %L/details
>
> AcctLogFileFormat EXEC sp_ins_rad%{Acct-Status-Type} \
> @login_time='%Y-%m-%d %H:%M:%S', \
> @acct_session_id='%{Acct-Session-Id}', \
> @acct_session_time=%{Acct-Session-Time}, \
> @acct_input_packets=%{Acct-Input-Packets}, \
> @acct_output_packets=%{Acct-Output-Packets}, \
> @acct_input_octets=%{Acct-Input-Octets}, \
> @acct_output_octets=%{Acct-Output-Octets}, \
> @acct_terminate_cause='%{Acct-Terminate-Cause}', \
> @user_name='%{User-Name}', \
> @nas_ip_address='%{NAS-IP-Address}', \
> @nas_port=%{NAS-Port}, \
> @nas_port_type='%{NAS-Port-Type}', \
> @service_type='%{Service-Type}', \
> @framed_protocol='%{Framed-Protocol}', \
> @acct_authentic='%{Acct-Authentic}', \
> @acct_delay_time=%{Acct-Delay-Time}, \
> @connect_info='%{Connect-Info}', \
> @called_station_id='%{Called-Staton-Id}', \
> @calling_station_id='%{Calling-Station-Id}', \
> @annex_tx_speed='%{Annex-Transmit-Speed}', \
> @annex_rx_speed='%{Annex-Received-Speed}', \
> @framed_ip_address='%{Framed-IP-Address}'
>
> </Realm>
----------------------------------------
Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description:
----------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list