(RADIATOR) Problem: AuthByPolicy

Jaafar Bin Sarim jrsm at staff.singnet.com.sg
Thu Jul 18 19:53:15 CDT 2002


Hello Hugh

I'm unable to establish a policy that I want to achieve as described
below:

1.  user access if found in the deny file will be rejected and nothing
    else.

2.  user access if not found in the deny file will be checked against the
    /etc/passwd file
    if not found in the /etc/passwd then check with the Oracle database

Here's my radius configuration:
-----------------------------------------------------
LogDir          /var/log/radius/test
DbDir           /usr/local/etc/raddb
AuthPort        2112
AcctPort        2113

Trace   4

<Log FILE>
        Filename %L/logfile
        Trace 4
</Log>


<Client 165.21.81.35>
        Secret  xxxxxx
</Client>

<Client localhost>
        Secret  xxxxxx
</Client>

<Client 165.21.100.15>
        Secret  xxxxxx
</Client>

<Client 165.21.100.18>
        Secret  xxxxxx
</Client>

<AuthBy UNIX>
        Identifier      System
        Filename        /etc/shadow
</AuthBy>

<AuthBy SQL>
        Identifier      CheckSQL
        DBSource        dbi:Oracle:ahimsa
        DBUsername      xxxxxx
        DBAuth          xxxxxx

        DBSource        dbi:Oracle:parthenon
        DBUsername      xxxxxx
        DBAuth          xxxxxx

        AuthSelect      SELECT passwd FROM subscribers \
                        WHERE name = '%n' \
                        AND roam = 'T' \
                        AND status = 'T'

        AuthColumnDef 0, Encrypted-Password, check
        AuthColumnDef 1, GENERIC, check
        AuthColumnDef 2, GENERIC, check
        AuthColumnDef 3, GENERIC, reply
        AuthColumnDef 4, GENERIC, reply

</AuthBy>


<Handler Realm=/.*\.sg/>
        RewriteUsername s/^([^@]+).*/$1/
        AuthByPolicy ContinueWhileReject
        <AuthBy FILE>
                Filename %D/deny
        </AuthBy>
        <AuthBy FILE>
                Filename %D/users
        </AuthBy>
        AuthBy CheckSQL
        AcctLogFileName /radacct/%C/detail
</Handler>

-------------------------------------------------------------

Here's my deny file:
--------------------------------
jaafar        Auth-Type = Reject

--------------------------------

Here's my users file:
------------------------------------------
DEFAULT Auth-Type = System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255
-------------------------------------------



Thank you.


Best Regards
Jaafar Sarim
SingNet

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
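
The Handler chain from the configuration above, modelled as an added example (not part of the original message and not Radiator code): it walks the three AuthBy clauses under each AuthByPolicy so the effect of ContinueWhileReject on a deny-file match can be compared with the other policies. The per-module results are constructed inputs, and that a user missing from the deny file yields REJECT is an assumption.

```python
# Added illustration: a simplified model of how a Handler walks its AuthBy
# chain under each AuthByPolicy. It ignores other result codes such as
# CHALLENGE. Module results are constructed inputs, not server output.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# policy name -> (result it watches for, True = continue WHILE it is seen)
POLICIES = {
    "ContinueWhileIgnore": (IGNORE, True),
    "ContinueUntilIgnore": (IGNORE, False),
    "ContinueWhileAccept": (ACCEPT, True),
    "ContinueUntilAccept": (ACCEPT, False),
    "ContinueWhileReject": (REJECT, True),
    "ContinueUntilReject": (REJECT, False),
}

CHAIN = ["deny", "users", "CheckSQL"]  # order used in the posted Handler

def run_chain(policy, results, chain=CHAIN):
    """Return (final_result, modules_consulted) for one request."""
    watched, while_seen = POLICIES[policy]
    final, consulted = IGNORE, []
    for name in chain:
        final = results[name]
        consulted.append(name)
        seen = final == watched
        if seen != while_seen:  # While*: stop when not seen; Until*: stop when seen
            break
    return final, consulted

# Constructed case 1: user matches "Auth-Type = Reject" in the deny file but
# has a valid /etc/shadow password (reached through the users file).
LISTED = {"deny": REJECT, "users": ACCEPT, "CheckSQL": REJECT}
# Constructed case 2: user absent from deny and /etc/shadow, present in Oracle.
# Assumption: a user missing from the deny file also yields REJECT.
ORACLE_ONLY = {"deny": REJECT, "users": REJECT, "CheckSQL": ACCEPT}

def compare(results):
    """Run the same request through every policy."""
    return {policy: run_chain(policy, results) for policy in POLICIES}

if __name__ == "__main__":
    for label, results in (("listed in deny", LISTED), ("Oracle only", ORACLE_ONLY)):
        for policy, (final, consulted) in compare(results).items():
            print(f"{label:15} {policy:20} {final:7} via {' -> '.join(consulted)}")
```

Under these inputs ContinueWhileReject carries the deny-listed user past the deny file to an ACCEPT from the users file, while ContinueUntilReject stops both users at the deny file.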

