(RADIATOR) client restrictions in Realm

Hugh Irvine hugh at open.com.au
Wed Sep 25 16:52:18 CDT 2002


Hello Mike -

Yes this is possible by using cascaded AuthBy clauses and Identifiers 
in your Client clauses.

Ie.

# define Client clauses

<Client ....>
	Identifier SomeThing
	....
</Client>

<Client ....>
	Identififier SomeThing
	.....
</Client>

<Client .....>
	Identifier OrOther
	....
</Client>
	
......

# define AuthBy clauses

<AuthBy FILE>
	Identifier CheckClient
	Filename %D/users.checkclient
</AuthBy>

<AuthBy RADIUS>
	Identifier ForwardToProxy
	.....
</AuthBy>

.....

# define Realms

<Realm this.is.the.one>
	AuthBy CheckClient
	.....
</Realm>

......


The file %D/users.checkclient would look something like this:

# %D/users.checkclient

DEFAULT Client-Identifier = SomeThing, Auth-Type = ForwardToProxy


In other words, the AuthBy FILE will check the Identifier of the client 
clauses and only forward the requests for those that match.

regards

Hugh


On Wednesday, September 25, 2002, at 04:51 PM, Mike Blancas wrote:

> Hi,
>
> Is it possible to restrict clients in one particular realm? I have many
> clients defined in my radius.cfg, but since this realm is just a
> AuthByRADIUS proxy, I want to restrict the clients that can be 
> proxied? Is
> this possible?
>
> Mike Blancas <mblancas at mozcom.com>
> Mosaic Communications, Inc.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list