[RADIATOR] (RADIATOR) assign privilege or login access
Hugh Irvine
hugh at open.com.au
Wed Jun 25 17:52:14 CDT 2008
Hello Eddie -
Here is a rough example:
......
<Client 1.1.1.1>
Identifier CORE
.....
</Client>
<Client 2.2.2.2>
Identifier CORE
.....
</Client>
<Client 3.3.3.3>
Identifier CORE
.....
</Client>
.....
<Client 4.4.4.4>
Identifier DMZ
.....
</Client>
<Client 5.5.5.5>
Identifier DMZ
.....
</Client>
<Client 6.6.6.6>
Identifier DMZ
.....
</Client>
.......
<Handler Client-Identifier = CORE>
# check that the user has access to CORE devices
<AuthBy ...>
.....
</AuthBy>
</Handler>
<Handler Client-Identifier = DMZ>
# check that the user has access to DMZ devices
<AuthBy ...>
.....
</AuthBy>
</Handler>
......
hope that helps
regards
Hugh
On 25 Jun 2008, at 11:01, Eddie Chu wrote:
> Where can I find more information from the manual.
>
> Best Rgds,
> Eddie Chu
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wed 6/25/2008 8:13 AM
> To: Eddie Chu
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) assign privilege or login access
>
>
> Hello Eddie -
>
> You typically tag your Client devices with Identifiers, and then have
> the list of staff and device Identifier's in a file or database.
>
> Your Radiator configuration then checks the Client device and staff
> member against the file or database.
>
> The exact details depend on your exact requirements.
>
> regards
>
> Hugh
>
>
> On 24 Jun 2008, at 13:26, Eddie Chu wrote:
>
>> Dear Sir,
>>
>> If we have 10 support staff, and each responsible for different
>> network devices and servers, how can we assign privilege for
>> different
>> account and devices / servers in Radiator, which is a central user
>> repository.
>>
>> For example, peter should has administrative right to the Cisco
>> router in DMZ, but cannot login to the Cisco router outside there and
>> all server.
>>
>>
>> Best Rgds,
>> Eddie Chu
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list