[RADIATOR] evaluation - Checkby syntax
Robb Pfrank
robb at headlandstech.com
Tue Apr 3 14:30:33 CDT 2012
I am evaluating radiator and would like to setup authentication using linux username & passwords as well as another type of check to allow access. For instance check if the user is part of a particular group before having their login accepted. Specifically I want to limit networking equipment access to users in the netadm group, I am running this on fedora 12. Below is my simple.cfg for testing, everything else works fine but I am having trouble interpreting the documentation for tiered authentication. Thank you for your assistance.
SIMPLE.CFG
Foreground
LogStdout
LogDir .
DbDir .
# User a lower trace level in production systems:
Trace 4
AuthPort 1645,1812
AcctPort 1646,1813
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client>
Secret mysecret
DupInterval 0
</Client>
<Client DEFAULT>
Secret mysecret
</Client>
<Realm>
<AuthBy UNIX>
Identifier System
Filename /etc/shadow
#Filename /etc/passwd
GroupFilename /etc/group
# Log accounting to a detail file
AcctLogFileName /etc/radiator/radiator.log
<ServerHTTP>
Port 8100
DefaultPrivilegeLevel 15
</ServerHTTP>
</Realm>
Current output checking Linux /etc/passwd file, need to add group or some other type of identifier mechanism to the check.
Tue Apr 3 15:28:12 2012: ERR: Could not resolve an address for Client
Tue Apr 3 15:28:12 2012: ERR: Unknown keyword 'AcctLogFileName' in simple.cfg line 65
Tue Apr 3 15:28:13 2012: DEBUG: Creating StreamServer tcp port 0.0.0.0:8100
Tue Apr 3 15:28:13 2012: DEBUG: Finished reading configuration file 'simple.cfg'
This Radiator license will expire on 2012-08-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au
Tue Apr 3 15:28:13 2012: DEBUG: Reading dictionary file './dictionary'
Tue Apr 3 15:28:13 2012: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Apr 3 15:28:13 2012: DEBUG: Creating authentication port 0.0.0.0:1812
Tue Apr 3 15:28:13 2012: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Apr 3 15:28:13 2012: DEBUG: Creating accounting port 0.0.0.0:1813
Tue Apr 3 15:28:13 2012: NOTICE: Server started: Radiator 4.9 on sec-l-adm02 (LOCKED)
Tue Apr 3 15:28:34 2012: DEBUG: Packet dump:
*** Received from 10.2.120.150 port 56193 ....
Code: Access-Request
Identifier: 64
Authentic: <131><19><159><26><141><164><247><161>`<143><202>G<202>mA<186>
Attributes:
User-Name = "robert"
User-Password = <226>D4<133>#y<153>=<251><186>r<136><14><8><143><147>
NAS-Port-Id = "ttyS0"
Service-Type = NAS-Prompt-User
NAS-Port = 0
NAS-IP-Address = 10.2.120.150
Tue Apr 3 15:28:34 2012: DEBUG: Handling request with Handler 'Realm=', Identifier ''
Tue Apr 3 15:28:34 2012: DEBUG: Deleting session for robert, 10.2.120.150, 0
Tue Apr 3 15:28:34 2012: DEBUG: Handling with Radius::AuthUNIX: System
Tue Apr 3 15:28:34 2012: DEBUG: Reading group file /etc/group
Tue Apr 3 15:28:34 2012: DEBUG: Radius::AuthUNIX looks for match with robert [robert]
Tue Apr 3 15:28:34 2012: DEBUG: Radius::AuthUNIX ACCEPT: : robert [robert]
Tue Apr 3 15:28:34 2012: DEBUG: AuthBy UNIX result: ACCEPT,
Tue Apr 3 15:28:34 2012: DEBUG: Access accepted for robert
Tue Apr 3 15:28:34 2012: DEBUG: Packet dump:
*** Sending to 10.2.120.150 port 56193 ....
Code: Access-Accept
Identifier: 64
Authentic: k<206><151><250>5<246>p=<23><141>.<197><167><244>Un
Attributes:
Robb Pfrank
Office +1 (312) 601-8647
robb at headlandstech.com
The contents of this message (including any attachment(s)) may be privileged and confidential and is intended solely for the private use of the intended recipient(s). If you are not the intended recipient or have received this message in error, please notify the sender immediately and delete the message. You should not disseminate, distribute or copy this message without the permission of the author. This message cannot in any way bind Headlands Technologies LLC or any affiliate to any contract or other obligation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20120403/8e73bff9/attachment.html
More information about the radiator
mailing list