(RADIATOR) Problem: AuthByPolicy

Jaafar Bin Sarim jrsm at staff.singnet.com.sg
Thu Jul 18 19:53:15 CDT 2002

Hello Hugh

I'm unable to establish a policy that I want to achieve as described

1.  user access if found in the deny file will be rejected and nothing

2.  user access if not found in the deny file will be checked against the
    /etc/passwd file
    if not found in the /etc/passwd then check with the oracle database

Here's my radius configuration:
LogDir          /var/log/radius/test
DbDir           /usr/local/etc/raddb
AuthPort        2112
AcctPort        2113

Trace   4

<Log FILE>
        Filename %L/logfile
        Trace 4

        Secret  xxxxxx

<Client localhost>
	Secret  xxxxxx

        Secret  xxxxxx

        Secret  xxxxxx

<AuthBy UNIX>
        Identifier      System
        Filename        /etc/shadow

<AuthBy SQL>
        Identifier      CheckSQL
        DBSource        dbi:Oracle:ahimsa
        DBUsername      xxxxxx
        DBAuth          xxxxxx

	DBSource        dbi:Oracle:parthenon
        DBUsername      xxxxxx
        DBAuth          xxxxxx

        AuthSelect      SELECT passwd FROM subscribers \
                        WHERE name = '%n' \
                        AND roam = 'T' \
                        AND status = 'T'

        AuthColumnDef 0, Encrypted-Password, check
        AuthColumnDef 1, GENERIC, check
        AuthColumnDef 2, GENERIC, check
        AuthColumnDef 3, GENERIC, reply
        AuthColumnDef 4, GENERIC, reply


<Handler Realm=/.*\.sg/>
                RewriteUsername s/^([^@]+).*/$1/
		AuthByPolicy ContinueWhileReject
                <AuthBy FILE>
                        Filename %D/deny
                <AuthBy FILE>
                        Filename %D/users
                        AuthBy CheckSQL
		AcctLogFileName /radacct/%C/detail


Here's my deny file:
jaafar        Auth-Type = Reject


Here's my users file:
DEFAULT Auth-Type = System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask =

Thank you.

Best Regards
Jaafar Sarim

Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list