(RADIATOR) Re: Authenticate differently from same NAS
Hugh Irvine
hugh at open.com.au
Fri Dec 30 03:46:18 CST 2005
Hello -

I suspect you need to add at least the following reply attributes:

# flat file define for ecomail user
<Handler Client-Identifier = NASinternet>
    <AuthBy UNIX>
        Filename /etc/shadow
        AddToReply Service-Type = Framed-User, \
                   Framed-Protocol = PPP
    </AuthBy>
</Handler>

hope that helps

regards

Hugh

On 30 Dec 2005, at 20:38, G. S. Rakhra wrote:
> Dear Sir,
>
> We are using RADIUS server Radiator-2.18.4 for authentication of
> Internet and email-only users.
>
> Internet clients dial to Cisco AS5300 RAS with E1 No. 15113 and are
> authenticated with RADIUS server. The authentication is via SQL
> database. The Internet user enters username in the form of
> user at domain.com
>
> Ecomail clients dial to Cisco 2610 router with PSTN lines and are
> authenticated with same RADIUS server. In 2610 router we have
> access list to block browsing for Ecomail clients. They are being
> allowed only for Email communication. The ecomail users don't use
> any Realm with their username and authentication is with
> /etc/shadow file on the same RADIUS server.
>
> Now what I want is to make the Ecomail clients dial to Cisco AS5300
> RAS with same digital 15113 no. and to be authenticated with same
> RADIUS server. The Internet users will be authenticated using SQL
> database and Ecomail clients to be authenticated with /etc/shadow
> file on same RADIUS server. That is both types of clients should
> dial to Cisco AS5300 RAS with E1 15113 no. I don't want to use
> separate Cisco 2610 router for Ecomail clients. Later on I need to
> configure access list for these clients to block Internet browsing.
>
> The existing working radius.conf file is attached.
>
> To try authentication of both users I made following changes in the
> conf file
>
> #internet client AuthBy SQL(IP of Cisco AS5300 RAS)
> <Client 192.168.65.2>
> Identifier NASinternet
> Secret <secret_key>
> NasType Cisco
> SNMPCommunity <community_name>
> </Client>
> # internet client for fewanet handler
> <Handler Realm=fewanet.com.np,Client-Identifier = NASinternet>
> AuthBy auth_pkr
> PostAuthHook file:"%D/checkblocktimeleft"
> SessionDatabase SessSQL
> </Handler>
> # flat file define for ecomail user
> <Handler Client-Identifier = NASinternet>
> <AuthBy UNIX>
> Filename /etc/shadow
> </AuthBy>
> </Handler>
>
>
> After this when I tried authentication, the Internet users were
> authenticated successfully but Ecomail users got "PPP Authorization
> failed" error.
>
> Do I need to make certain changes to Cisco AS5300 RAS also?
>
> Thanks
> G. S. Rakhra
> <radonlinetest.txt>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
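
An added example, not part of the original message or of Radiator: a small Python check that parses a raw RADIUS Access-Accept and reports whether it carries the two reply attributes suggested in the reply above, which is a quick way to confirm from a capture that the AddToReply change took effect. Attribute and value numbers are from RFC 2865; the function names and the two sample packets (zeroed authenticator) are constructed for illustration.

```python
import struct

# Codes from RFC 2865: packet code 2 = Access-Accept,
# attribute 6 = Service-Type (2 = Framed-User), 7 = Framed-Protocol (1 = PPP).
ACCESS_ACCEPT = 2
SERVICE_TYPE, FRAMED_PROTOCOL = 6, 7
FRAMED_USER, PPP = 2, 1

def parse_attributes(packet):
    """Return (code, [(type, value_bytes), ...]) for a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def missing_ppp_attributes(packet):
    """List the PPP reply attributes absent from an Access-Accept."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    found = {(t, int.from_bytes(v, "big")) for t, v in attrs if len(v) == 4}
    wanted = [((SERVICE_TYPE, FRAMED_USER), "Service-Type = Framed-User"),
              ((FRAMED_PROTOCOL, PPP), "Framed-Protocol = PPP")]
    return [name for key, name in wanted if key not in found]

def build_accept(attrs):
    """Construct a sample Access-Accept (zeroed authenticator, test data only)."""
    body = b"".join(bytes([t, 6]) + struct.pack("!I", v) for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: reply without, and with, the suggested AddToReply attributes.
BARE = build_accept([])
FIXED = build_accept([(SERVICE_TYPE, FRAMED_USER), (FRAMED_PROTOCOL, PPP)])

if __name__ == "__main__":
    print("bare :", missing_ppp_attributes(BARE))
    print("fixed:", missing_ppp_attributes(FIXED))
```
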