[RADIATOR] IPv6 TACACS+

Hugh Irvine hugh at open.com.au
Mon May 24 05:08:17 CDT 2010


Hello Alex -

You would typically define different groups in the ServerTACACSPLUS AuthorizeGroup lines:


	.....

	AuthorizeGroup ThisGroup ....
	AuthorizeGroup ThisGroup .....

	.....

	AuthorizeGroup ThatGroup .....
	AuthorizeGroup ThatGroup .....

	.....

	AuthorizeGroup SomeOtherGroup .....
	AuthorizeGroup SomeOtherGroup .....

	.....


and then put the users in the respective groups according to the device they log in from.

regards

Hugh
	


On 21 May 2010, at 03:41, Alexander Hartmaier wrote:

> Hi,
> 
> we're looking for a way to not only limit what a user of a group is
> allowed to to (=authorization) but also on which devices.
> 
> Is there a recommended way of grouping tacacs+ clients so the groupname
> can be used as e.g. check attribute for the tacacsgroup?
> 
> --
> Best regards, Alex
> 
> 
> Am Mittwoch, den 12.05.2010, 11:02 +0200 schrieb Hugh Irvine:
>> Hello Subash -
>> 
>> See "goodies/tacplus.txt" (I have included it in this email for your convenience).
>> 
>> regards
>> 
>> Hugh
>> 
>> 
> 
> 
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> T-Systems Austria GesmbH   Rennweg 97-99, 1030 Wien
> Handelsgericht Wien, FN 79340b
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> Notice: This e-mail contains information that is confidential and may be privileged.
> If you are not the intended recipient, please notify the sender and then
> delete this e-mail immediately.
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.





More information about the radiator mailing list