(RADIATOR) Re: Fwd: Re(2): Radiator Evaluation Request

Mike McCauley mikem at open.com.au
Thu Jan 10 16:36:30 CST 2002


Hello Alan,


On Wed, 9 Jan 2002 10:38, Joanne Davis wrote:
> >Received: from niaws.magnet.mt ([217.30.97.15])
> >         by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g08BwB331598
> >         for <joanne at open.com.au>; Tue, 8 Jan 2002 05:58:11 -0600
> >X-Map-MIXER-Originators: false
> >To: "Joanne Davis" <joanne at open.com.au>
> >From: "Attard Alan at MITTS" <alan.attard at magnet.mt>
> >Date: 8 Jan 2002 14:41:00 +0100
> >Subject: Re(2): Radiator Evaluation Request
> >Envelope-ID: JA8AAAAAB5970gABYQABlXwdgctU at magnet.mt
> >X-Mailer: TeamWARE Connector for MIME
> >
> >Hi Joanne,
> >
> >We have just started testing Radiator in our testing setup. Please find
> >attached our proposed setup.
> >We currently have the same setup, but using Microsoft IAS as our Radius
> >Server.
> >
> >We have managed to authenticate using Radiator with Microsoft Active
> >Directory with a very basic configuration,
> >but we still need lots of configuration.
> >
> >Our Active Directory users reside in different OUs according to their
> >site, e.g.
> >           CN=user1,OU=site1,DC=isp,DC=mitts,DC=net
> >           CN=user2,OU=site2,DC=isp,DC=mitts,DC=net
> >
> >We have different Groups assigned to the users to specify different
> >Policy, e.g.
> >           GROUP->FullTimeHTTP gives 24hr access
> >           GROUP->AfternoonHTTP gives access from 12:00 to 20:00
> >
> >We still didn't figure out how to assign these different policies in our
> >configuration file.
> >We need to disable multiple login (we are testing sessions with MS-SQL
> >2000)
> >
> >Can you please send us an example configuration file which reflects our
> >needs.
> >Regards,

The usual way to do something like that is to have an intermediate AuthBy 
FILE that specifies the additional check items, something like this (untested 
and incomplete)


# This is the real authenticator. It is able to check groups
<AuthBy whatever>
	Identifier real_authenticator
	...
</AuthBy>

<Realm DEFAULT>
	<AuthBy FILE>
		Filename whatever
	</AuthBy>
</Realm>

And in the file specified in the AuthBy FILE, you would have something like 
this:

DEFAULT	Auth-Type=real_authenticator, Group=FullTimeHTTP

DEFAULT	Auth-Type=real_authenticator, Group=AfternoonHTTP, Time=Al1200-2000

.....

Cheers.

> >
> >Alan

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
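
An added illustration, not part of the original message and not Radiator code: a Python model of how the two users-file entries in the reply combine a Group check with a Time check, trying entries in order and accepting on the first whose check items all pass. The ordered first-match behaviour, the day codes other than the page's `Al`, and the exclusive end time are assumptions of this sketch; `time_allows`, `decide` and `POLICY` are hypothetical names.

```python
from datetime import datetime

DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]  # datetime.weekday() order


def time_allows(spec, when):
    """True if `when` falls inside a spec such as 'Al1200-2000'.

    Assumed format: a day code (Al, Wk or Mo..Su) followed by an
    optional HHMM-HHMM range. Start is inclusive, end is exclusive.
    """
    day, hours = spec[:2], spec[2:]
    if day == "Wk":
        if when.weekday() > 4:          # Saturday or Sunday
            return False
    elif day != "Al":
        if DAYS.index(day) != when.weekday():  # ValueError on unknown code
            return False
    if not hours:
        return True
    start, end = (int(h[:2]) * 60 + int(h[2:]) for h in hours.split("-"))
    now = when.hour * 60 + when.minute
    # A window that wraps past midnight never matches here (fails closed).
    return start <= now < end


# Constructed copy of the check items on the two DEFAULT lines in the reply.
POLICY = [
    {"Group": "FullTimeHTTP"},
    {"Group": "AfternoonHTTP", "Time": "Al1200-2000"},
]


def decide(user_groups, when, policy=POLICY):
    """Return the first entry whose check items all pass, else None (reject)."""
    for entry in policy:
        if entry["Group"] not in user_groups:
            continue
        if "Time" in entry and not time_allows(entry["Time"], when):
            continue
        return entry
    return None


if __name__ == "__main__":
    # Constructed sample: an AfternoonHTTP user before and inside the window.
    for hhmm in ((11, 59), (12, 0)):
        t = datetime(2002, 1, 10, *hhmm)
        print(t.time(), "accept" if decide({"AfternoonHTTP"}, t) else "reject")
```

A user who belongs to neither group matches no entry and is rejected, so the policy denies by default.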