(RADIATOR) creating "permissions" for users

[Hugh Irvine]

Hello Irwan -

On Tuesday 09 October 2001 16:57, ISMAIL,IRWAN (HP-Malaysia,ex1) wrote:
> I am currently using AuthBy FILE to authenticate a few network devices.
> But soon I would need to authenticate applications that support PAP/CHAP
> as well. Is this possible? How do I go about doing this?
>

You just need to define a Client clause for each IP address that will be 
sending radius requests, together with the Handlers or Realms that will 
process the requests in whatever AuthBy is required.

> I need to create "permissions" for the authenticated users, whereby they
> are only allowed to access devices/applications that is defined for them.
> Can I do this? For example, in the USERS file, I have a user named Mary
> who can be authenticated for Router1, Router2 and Router3. But user Joe
> can only authenticate for Router3 and Router4.
>

One way to do this is with Identifiers in the corresponding Client clauses.

# define Clients

<Client 1.1.1.1>
	Identifier Restricted-Access-1
	.....
</Client>

<Client 2.2.2.2>
	Identifier Restricted-Access-2
	.....
</Client>


Then in the users file you would have something like this:

# define users

someuser	Client-Identifier = Restricted-Access-1, Password = .....
		.........

anotheruser	Client-Identifier = Restricted-Access-2, Password = .....
		.........

superuser	Client-Identifer = /Restricted-Access-[12]/, Password = ....
		.......

There are many other possibilities - this is just one.

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.