(RADIATOR) Problem: AuthByPolicy

Hugh Irvine hugh at open.com.au
Thu Jul 18 20:44:10 CDT 2002


Hello Jaafar -

You will need to use AuthBy GROUPs for the different AuthBy policies.

# define AuthBy clauses

<AuthBy UNIX>
        Identifier      System
        Filename        /etc/shadow
</AuthBy>

<AuthBy SQL>
        Identifier      CheckSQL
        DBSource        dbi:Oracle:ahimsa
        DBUsername      xxxxxx
        DBAuth          xxxxxx

        DBSource        dbi:Oracle:parthenon
        DBUsername      xxxxxx
        DBAuth          xxxxxx

        AuthSelect      SELECT passwd FROM subscribers \
                        WHERE name = '%n' \
                        AND roam = 'T' \
                        AND status = 'T'

        AuthColumnDef 0, Encrypted-Password, check
        AuthColumnDef 1, GENERIC, check
        AuthColumnDef 2, GENERIC, check
        AuthColumnDef 3, GENERIC, reply
        AuthColumnDef 4, GENERIC, reply
</AuthBy>

<AuthBy FILE>
        Identifier      CheckDenyFile
        Filename        %D/deny
        AcceptIfMissing
        NoDefault
</AuthBy>

<AuthBy GROUP>
        Identifier      CheckSystemThenSQL
        AuthByPolicy    ContinueUntilAccept
        AuthBy          System
        AuthBy          CheckSQL
</AuthBy>

<AuthBy GROUP>
        Identifier      CheckUsers
        AuthByPolicy    ContinueWhileAccept
        AuthBy          CheckDenyFile
        AuthBy          CheckSystemThenSQL
        AddToReply      Service-Type = Framed-User, \
                        Framed-Protocol = PPP, \
                        Framed-IP-Netmask = 255.255.255.255
</AuthBy>

# define Handlers

<Handler Realm=/.*\.sg/>
        RewriteUsername s/^([^@]+).*/$1/
        AuthBy          CheckUsers
        AcctLogFileName /radacct/%C/detail
</Handler>


regards

Hugh


At 8:53 +0800 19/7/02, Jaafar Bin Sarim wrote:
>Hello Hugh
>
>I'm unable to establish a policy that I want to achieve as described
>below:
>
>1.  user access if found in the deny file will be rejected and nothing
>     else.
>
>2.  user access if not found in the deny file will be checked against the
>     /etc/passwd file
>     if not found in the /etc/passwd then check with the oracle database
>
>Here's my radius configuration:
>-----------------------------------------------------
>LogDir          /var/log/radius/test
>DbDir           /usr/local/etc/raddb
>AuthPort        2112
>AcctPort        2113
>
>Trace   4
>
><Log FILE>
>         Filename %L/logfile
>         Trace 4
></Log>
>
>
><Client 165.21.81.35>
>         Secret  xxxxxx
></Client>
>
><Client localhost>
>        Secret  xxxxxx
></Client>
>
><Client 165.21.100.15>
>         Secret  xxxxxx
></Client>
>
><Client 165.21.100.18>
>         Secret  xxxxxx
></Client>
>
><AuthBy UNIX>
>        Identifier      System
>        Filename        /etc/shadow
></AuthBy>
>
><AuthBy SQL>
>        Identifier      CheckSQL
>        DBSource        dbi:Oracle:ahimsa
>        DBUsername      xxxxxx
>        DBAuth          xxxxxx
>
>        DBSource        dbi:Oracle:parthenon
>        DBUsername      xxxxxx
>        DBAuth          xxxxxx
>
>        AuthSelect      SELECT passwd FROM subscribers \
>                        WHERE name = '%n' \
>                        AND roam = 'T' \
>                        AND status = 'T'
>
>        AuthColumnDef 0, Encrypted-Password, check
>        AuthColumnDef 1, GENERIC, check
>        AuthColumnDef 2, GENERIC, check
>        AuthColumnDef 3, GENERIC, reply
>        AuthColumnDef 4, GENERIC, reply
></AuthBy>
>
>
><Handler Realm=/.*\.sg/>
>        RewriteUsername s/^([^@]+).*/$1/
>        AuthByPolicy    ContinueWhileReject
>        <AuthBy FILE>
>                Filename %D/deny
>        </AuthBy>
>        <AuthBy FILE>
>                Filename %D/users
>        </AuthBy>
>        AuthBy          CheckSQL
>        AcctLogFileName /radacct/%C/detail
></Handler>
>
>-------------------------------------------------------------
>
>Here's my deny file:
>--------------------------------
>jaafar        Auth-Type = Reject
>
>--------------------------------
>
>Here's my users file:
>------------------------------------------
>DEFAULT Auth-Type = System
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255
>-------------------------------------------
>
>
>
>Thank you.
>
>
>Best Regards
>Jaafar Sarim
>SingNet
>
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
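Added illustration, not part of Hugh's reply and not Radiator's own code: a small Python model of how the AuthByPolicy values combine AuthBy results, run over both the nested-GROUP layout from the reply and the flat ContinueWhileReject chain from the original Handler. It assumes the documented semantics (ContinueWhileX continues only while a member returns X, ContinueUntilX continues until one returns X, the group's result is that of the last member consulted, and an AuthBy FILE returns REJECT for an unlisted user unless AcceptIfMissing is set); the deny list, /etc/shadow entries and subscriber rows are constructed toy data, and the names hugh_check_users, jaafar_handler and compare are the example's own.

```python
"""Model of how Radiator's AuthByPolicy combines AuthBy results.

Added example, not Radiator's own code. Each AuthBy returns ACCEPT, REJECT
or IGNORE. A GROUP walks its members under a policy: ContinueWhileX keeps
going only while a member returns X, ContinueUntilX keeps going until a
member returns X, and the group's result is that of the last member consulted.
The user stores below are constructed toy data standing in for %D/deny,
/etc/shadow and the Oracle subscribers table (plain-text passwords, model only).
"""
from typing import Callable, List

ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"
AuthBy = Callable[[str, str], str]

DENY_FILE = {"jaafar"}                               # jaafar  Auth-Type = Reject
UNIX_USERS = {"alice": "pw-alice", "jaafar": "pw-jaafar"}
SQL_SUBSCRIBERS = {"bob": "pw-bob"}                  # rows with roam='T', status='T'


def deny_file(accept_if_missing: bool) -> AuthBy:
    """AuthBy FILE over the deny file. A listed user carries Auth-Type = Reject.
    Without AcceptIfMissing an unlisted user is REJECTed as unknown; with it the
    unlisted user is ACCEPTed, which is what lets the enclosing group continue."""
    def check(user: str, password: str) -> str:
        if user in DENY_FILE:
            return REJECT
        return ACCEPT if accept_if_missing else REJECT
    return check


def unix_system(user: str, password: str) -> str:
    """AuthBy UNIX (or a users file whose DEFAULT entry has Auth-Type = System)."""
    return ACCEPT if UNIX_USERS.get(user) == password else REJECT


def sql_check(user: str, password: str) -> str:
    """AuthBy SQL: the AuthSelect only returns rows with roam='T' and status='T'."""
    return ACCEPT if SQL_SUBSCRIBERS.get(user) == password else REJECT


def group(policy: str, members: List[AuthBy]) -> AuthBy:
    """<AuthBy GROUP> with the given AuthByPolicy; members may themselves be groups."""
    while_mode = policy.startswith("ContinueWhile")
    if not (while_mode or policy.startswith("ContinueUntil")):
        raise ValueError("policy not covered by this model: " + policy)
    target = policy[len("ContinueWhile"):].upper()   # both prefixes are 13 characters

    def keep_going(result: str) -> bool:
        return result == target if while_mode else result != target

    def check(user: str, password: str) -> str:
        result = IGNORE
        for member in members:
            result = member(user, password)
            if not keep_going(result):
                break
        return result
    return check


# Hugh's layout: the deny file is consulted first, and only its ACCEPT (user not
# listed, AcceptIfMissing) lets evaluation reach the System-then-SQL group.
hugh_check_users = group("ContinueWhileAccept", [
    deny_file(accept_if_missing=True),
    group("ContinueUntilAccept", [unix_system, sql_check]),
])

# Jaafar's original Handler: a flat ContinueWhileReject chain. The deny file's
# REJECT is exactly the result that makes the chain continue, so it decides nothing.
jaafar_handler = group("ContinueWhileReject", [
    deny_file(accept_if_missing=False),
    unix_system,
    sql_check,
])


def compare(user: str, password: str) -> dict:
    """Decision of each configuration for one Access-Request."""
    return {"hugh": hugh_check_users(user, password),
            "jaafar": jaafar_handler(user, password)}


if __name__ == "__main__":
    for user, password in [("jaafar", "pw-jaafar"), ("alice", "pw-alice"),
                           ("alice", "wrong"), ("bob", "pw-bob"), ("carol", "x")]:
        print(user, password, compare(user, password))
```

Running the table shows the difference that matters: under the nested GROUPs a user listed in the deny file is rejected even with a valid system password, whereas under the flat ContinueWhileReject chain the same user is accepted because the deny file's REJECT is the result that tells the chain to keep going. Users absent from the deny file fall through to System, and only a System REJECT reaches the SQL check.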