[RADIATOR] custom schema for users

Hugh Irvine hugh at open.com.au
Wed Nov 2 01:58:40 CDT 2011


Hello Sergey -

What SQL database schema are you using? How are you maintaining the user records and so on?

The VSAs need to be added to the Radiator dictionary, and then the correct VSA needs to be returned for each user.

I have already added the NSN attributes to the Radiator dictionary as follows:


#
# NSN Vendor specifics
#
VENDOR      NSN         28458
VENDORATTR  28458       NSN-System-Type                             101 integer
VENDORATTR  28458       NSN-User-Class                              103 integer
VENDORATTR  28458       NSN-Current-Logins                          105 integer
VENDORATTR  28458       NSN-Maximum-Logins                          106 integer
VENDORATTR  28458       NSN-LastLoginDateTime                       107 string
VENDORATTR  28458       NSN-NMS-User-Groups                         109 string

VALUE       NSN-System-Type                     TNMS                0
VALUE       NSN-System-Type                     hiT7100             7100
VALUE       NSN-System-Type                     hiT7300             7300
VALUE       NSN-System-Type                     hiT7500             7500

VALUE       NSN-User-Class                      Administration      1
VALUE       NSN-User-Class                      Configuration       2
VALUE       NSN-User-Class                      Operation           3
VALUE       NSN-User-Class                      Maintenance         4
VALUE       NSN-User-Class                      Supervision         5


You therefore need to add "NSN-User-Class = Administration" or whatever to each user definition as a reply attribute.

A simple users file entry would look like this:


sergey  Password = whateverthepasswordis
	NSN-User-Class = Administration


Please contact me off list to discuss this in more detail.

Hope that helps.

regards

Hugh



On 2 Nov 2011, at 16:42, Zak, Sergey (NSN - AU/Bayswater) wrote:

> Hello
> I have a simple request, but can't find how to accomplish this.
> We are using a RADIUS-capable device, which allows users to be assigned
> into different user classes (permission levels).
> It sends out RADIUS packets and with Access-Accept messages, it expects
> a custom VSA returned, that should contain requestor's user class
> (integer, 1 to 5).
> 
> As I understand, we need to:
> 1. Extend user schema and add this attribute.
> 2. Then, we need to configure a Service Profile that would return this
> attribute from MySQL request with username.
> 
> I had a look into Service Profile setup and it's just a string field for
> Vendor-Specific VSA. Can I put a query there inline? What syntax should
> I use there?
> 
> How can we accomplish these two points above?
> 
> Kind Regards
> Sergey Zak


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
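
As an added illustration (not part of the original message and not Radiator code), the Python below shows how the reply attribute NSN-User-Class from the dictionary above is laid out on the wire as an RFC 2865 Vendor-Specific attribute, and how to pull it back out of a captured Access-Accept attribute list to confirm which permission level was granted. The function names are hypothetical; the vendor ID, attribute number and class values are the ones in the dictionary entries.

```python
import struct

# Values copied from the dictionary entries in the message above.
NSN_VENDOR_ID = 28458
NSN_USER_CLASS = 103
USER_CLASSES = {"Administration": 1, "Configuration": 2, "Operation": 3,
                "Maintenance": 4, "Supervision": 5}
VENDOR_SPECIFIC = 26  # RADIUS attribute type for VSAs (RFC 2865, section 5.26)


def encode_user_class(name):
    """Build the Vendor-Specific attribute carrying NSN-User-Class = name."""
    value = struct.pack("!I", USER_CLASSES[name])            # 4-byte integer
    sub = struct.pack("!BB", NSN_USER_CLASS, 2 + len(value)) + value
    body = struct.pack("!I", NSN_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def decode_user_class(attrs):
    """Return the NSN-User-Class name found in attrs, or None; ValueError if malformed."""
    names = {v: k for k, v in USER_CLASSES.items()}
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 6:
            continue                      # not a VSA, or too short to hold one
        if struct.unpack("!I", body[:4])[0] != NSN_VENDOR_ID:
            continue                      # some other vendor's VSA
        sub = body[4:]
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if vtype == NSN_USER_CLASS:
                if vlen != 6:
                    raise ValueError("NSN-User-Class must be a 4-byte integer")
                num = struct.unpack("!I", sub[2:6])[0]
                if num not in names:
                    raise ValueError("user class %d not in dictionary" % num)
                return names[num]
            sub = sub[vlen:]
    return None
```

For "Administration" the encoder yields the 12 bytes `1a 0c 00 00 6f 2a 67 06 00 00 00 01`, which is what to look for in a packet capture when checking that the device received the intended class.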