(RADIATOR) authorization on subnet base

Hugh Irvine hugh at open.com.au
Tue Mar 11 23:44:57 CST 2003


Hello Freerk -

I am not quite sure how you are going to recognise the requests that 
you show below - are there different NAS's servicing each subnet? It is 
usually the NAS itself that allocates IP addresses.

The only thing you need to do to authenticate logons to NAS equipment 
is to configure RADIUS authentication. In the Radiator configuration 
file you will generally want to differentiate between administrative 
logons and ordinary access requests and there are a variety of ways to 
do this, including using Handlers like this:

<Handler Service-Type = Admin-User>
	# handle NAS logons
	<AuthBy LDAP2>
		.....
		AddToReply Service-Type = Admin-User
		....
	</AuthBy>
	....
</Handler>

<Handler>
	# handle ordinary access requests
	....
</Handler>


Note that this topic has been discussed on the mailing list previously, 
so check the archive site too:

	www.open.com.au/archives/radiator

regards

Hugh


On Wednesday, Mar 12, 2003, at 08:41 Australia/Melbourne, Freerk 
Bosscha wrote:

> Thanks for reading the question:
>
> If the next are silly questions, I’m sorry, but I would like to have 
> an answer.
>
> I would like to do the following:
>
> Subnet 1.2.3.x / 255.255.255.0 must be validated by ldap and a 
> specific dn
>
> Subnet 1.2.4.x / 255.255.255.0 must be validated by ldap and a 
> specific dn
>
> Subnet 1.2.5.x / 255.255.255.0 must be validated by ldap and a 
> specific dn
>
> Further, what needs to be specified in the .cfg to validate only 
> specific users to logon to the Cisco switch or router itself.
>
> Perhaps I need to add specific attributes to the user-ldap-entry. If 
> so, could you please specify which to use?
>
> Thanks in advance,
>
> Freerk Bosscha
> Noordelijke Hogeschool Leeuwarden
> The Netherlands
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
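
The following configuration sketch is an added illustration, not part of the original post or of the Radiator distribution. It assumes the answer to Hugh's question is yes: each subnet is served by its own NAS, so the RADIUS client address identifies the subnet. Host names, DNs, secrets and Identifier labels are placeholders.

```conf
# Added example. All names, DNs and secrets below are placeholders.
# Assumption: the NAS devices (the RADIUS clients) live in the subnets
# from the question, so a per-subnet Client clause can label each request.
<Client 1.2.3.0/24>
	Secret placeholder-secret-1
	Identifier subnet-1-2-3
</Client>

<Client 1.2.4.0/24>
	Secret placeholder-secret-2
	Identifier subnet-1-2-4
</Client>
# (1.2.5.0/24 follows the same pattern)

# Handlers are tried in the order they appear, so the administrative
# logon Handler comes first. Only entries under the dedicated admin
# subtree can authenticate to the switch or router itself.
<Handler Service-Type = Admin-User>
	<AuthBy LDAP2>
		Host ldap.example.invalid
		BaseDN ou=netadmins,dc=example,dc=invalid
		UsernameAttr uid
		ServerChecksPassword
		AddToReply Service-Type = Admin-User
	</AuthBy>
</Handler>

# Ordinary access requests, one Handler per subnet, each searching
# only the subtree that belongs to that subnet.
<Handler Client-Identifier = subnet-1-2-3>
	<AuthBy LDAP2>
		Host ldap.example.invalid
		BaseDN ou=subnet123,dc=example,dc=invalid
		UsernameAttr uid
		ServerChecksPassword
	</AuthBy>
</Handler>

<Handler Client-Identifier = subnet-1-2-4>
	<AuthBy LDAP2>
		Host ldap.example.invalid
		BaseDN ou=subnet124,dc=example,dc=invalid
		UsernameAttr uid
		ServerChecksPassword
	</AuthBy>
</Handler>
```

Keeping the administrative accounts in their own BaseDN means membership of a subnet's user subtree never grants a logon to the network equipment.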
