(RADIATOR) How to reject users in a file

Hugh Irvine hugh at open.com.au
Fri Sep 12 18:14:04 CDT 2003


Hello Mike -

Yes, this is quite simple to achieve.

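<Handler Realm=MODEMS>
        # Strip everything from the first "@" onwards before authenticating
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy GROUP>
                # Run the inner AuthBy clauses in order, stopping at the first reject
                AuthByPolicy ContinueUntilReject

                <AuthBy FILE>
                        Filename %D/reject.users
                        # Users not listed in the file are accepted by this clause
                        AcceptIfMissing
                </AuthBy>

                <AuthBy PAM>
                        Fork
                        Service radiusd
                </AuthBy>

        </AuthBy>
        AuthLog Modem_Login_Failures
        AcctLogFileName %L/Modems.log
</Handler>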


The file "%D/reject.users" would contain something like this:

# reject.users

username1	Auth-Type = Reject

username2	Auth-Type = Reject

.......


If you have any other questions, please contact me.

regards

Hugh


On Saturday, Sep 13, 2003, at 06:56 Australia/Melbourne, Forbes Mike wrote:

>
> I have a request to block certain users access to our modem pool.
>
> Users are first authenticated by kerb via PAM.  What I would like to do is
> have radius then check to see if they are listed in a file and reject them
> only if they are listed.  If they are not in the file they can logon.
>
> I saw the username authtype example in the manual, is there a way to do
> this in a file for a larger number?
>
> Could you do the AuthByPolicy ContinueWhileReject and put this before my
> authbypam below?
>
> My handler is below.
>
> Mike Forbes
>
>
> <Handler Realm=MODEMS>
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy GROUP>
>                 AuthByPolicy ContinueUntilReject
>                 <AuthBy PAM>
>                         Fork
>                         Service radiusd
>                 </AuthBy>
>         </AuthBy>
>         AuthLog Modem_Login_Failures
>          AcctLogFileName %L/Modems.log
> </Handler>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
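
Added example (not part of the original message and not Radiator code): a small linter for a reject.users file in the format shown above, checked against the handler's RewriteUsername so that entries which could never match, or which would match too much, are caught before deployment. The function names and the sample file are constructed for illustration, and usernames are assumed to contain no spaces.

```python
import re

# Python equivalent of the handler's RewriteUsername s/^([^@]+).*/$1/
REWRITE = re.compile(r"^([^@]+).*")
REJECT = re.compile(r"Auth-Type\s*=\s*Reject")

def rewrite_username(name):
    """Keep only the part before the first '@', as the handler does."""
    return REWRITE.sub(r"\1", name, count=1)

def lint_reject_file(text):
    """Return (blocked_names, problems) for the contents of a reject.users file."""
    blocked, problems = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace():
            problems.append((lineno, "indented line is not a new user entry"))
            continue
        parts = line.split(None, 1)
        name, checks = parts[0], parts[1] if len(parts) > 1 else ""
        if name.startswith("DEFAULT"):
            problems.append((lineno, "DEFAULT applies to users not listed by name"))
        elif rewrite_username(name) != name:
            problems.append((lineno, "realm is stripped before lookup; never matches"))
        elif not REJECT.fullmatch(checks):
            problems.append((lineno, "expected 'Auth-Type = Reject' check item"))
        elif name in blocked:
            problems.append((lineno, "duplicate entry"))
        else:
            blocked.add(name)
    return blocked, problems

def is_blocked(login, blocked):
    """True if the login, after the handler's rewrite, is on the reject list."""
    return rewrite_username(login) in blocked

# Constructed sample file; line numbers below refer to this list.
SAMPLE = "\n".join([
    "# reject.users (constructed sample)",
    "",
    "username1\tAuth-Type = Reject",
    "username2@example.com\tAuth-Type = Reject",
    "username3",
    "DEFAULT\tAuth-Type = Reject",
    "username1\tAuth-Type = Reject",
])

if __name__ == "__main__":
    names, issues = lint_reject_file(SAMPLE)
    print(sorted(names))
    for lineno, msg in issues:
        print(f"line {lineno}: {msg}")
```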
