(RADIATOR) How to reject users in a file

Forbes Mike Mike.Forbes at Colorado.EDU
Fri Sep 12 18:30:04 CDT 2003 

Thanks Hugh, I saw that but did not put it together with the aut-type =
reject.

Mike


On Sat, 13 Sep 2003, Hugh Irvine wrote:

>
> Hello Mike -
>
> Yes this is quite simple to acheive.
>
> <Handler Realm=MODEMS>
>          RewriteUsername s/^([^@]+).*/$1/
>          <AuthBy GROUP>
>                  AuthByPolicy ContinueUntilReject
>
>                  <AuthBy FILE>
>                          Filename %D/reject.users
>                          AcceptIfMissing
>                  </AuthBy>
>
>                  <AuthBy PAM>
>                          Fork
>                          Service radiusd
>                  </AuthBy>
>
>          </AuthBy>
>          AuthLog Modem_Login_Failures
>           AcctLogFileName %L/Modems.log
> </Handler>
>
>
> The file "%D/reject.users" would contain something like this:
>
> # reject.users
>
> username1	Auth-Type = Reject
>
> username2	Auth-Type = Reject
>
> .......
>
>
> If you have any other questions, please contact me.
>
> regards
>
> Hugh
>
>
> On Saturday, Sep 13, 2003, at 06:56 Australia/Melbourne, Forbes Mike
> wrote:
>
> >
> > I have a request to block certain users access to our modem pool.
> >
> > Users are first authenticated by kerb via PAM.  What I would like to
> > do is
> > have radius then check to see if they are listed in a file and reject
> > them
> > only if they are listed.  If they are not in the file they can logon.
> >
> > I saw the username authtype example in the manual, is there a way to do
> > this in a file for a larger number?
> >
> > Could you do the AuthByPolicy ContinueWhileReject and put this before
> > my
> > authbypam below?
> >
> > My handler is below.
> >
> > Mike Forbes
> >
> >
> > <Handler Realm=MODEMS>
> >         RewriteUsername s/^([^@]+).*/$1/
> >         <AuthBy GROUP>
> >                 AuthByPolicy ContinueUntilReject
> >                 <AuthBy PAM>
> >                         Fork
> >                         Service radiusd
> >                 </AuthBy>
> >         </AuthBy>
> >         AuthLog Modem_Login_Failures
> >          AcctLogFileName %L/Modems.log
> > </Handler>
> >
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list