[RADIATOR] Configuration Question
Derek Rider
derek.rider.ctr at nsoc.med.osd.mil
Tue Mar 13 10:57:21 CDT 2012
We currently have an installation running Radiator 3.15. We use Radiator for
TACACS authentication with Safeword. We are moving to version 4.9. Our
current radius.cfg, for the default realm, authenticates
users with the Authby File:
<Realm DEFAULT>
    AuthByPolicy ContinueAlways
    <AuthBy FILE>
        Filename %D/tacacsusers
    </AuthBy> ...
The file tacacsusers has entries like the following:
UserOne
    Tacacs-Group = ADMIN
UserTwo NAS-IP-Address = 111.111.111.111
    Tacacs-Group = ADMIN
UserThree NAS-IP-Address = 222.222.222.222
    Tacacs-Group = ADMIN
We then have about 300 additional AuthBy File statements. Each file is for
an individual device/IP at different locations. Users in these files have
different permissions as well. For example, READNOCONFIG or READONLY. This
has gotten to be a maintenance nightmare. Is there a better way to do this?
Also, we have a problem where a user's rights for one device will change if
that user authenticates to another device with a higher level. For example,
we see a user authenticating to a device at a read only level. That same
user will then authenticate to another device at an ADMIN level. That user's
rights to the first device will be for an ADMIN.
Derek Rider
Contractor
Systems Team
MHS Network Security Operations Center
SPAWAR Systems Center Atlantic (Code 5.8.2.5.0)
Phone: (843) 218-3710
derek.rider.ctr at nsoc.med.osd.mil
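
An audit sketch for the setup described above, added here as an example (it is not part of the original post and not Radiator code): it parses users-file text in the layout shown in the message, with the username and optional check items on the first line and indented reply items below, and lists every user who holds different Tacacs-Group values on different devices, which are the accounts to review for the rights carry-over described. The sample entries and the names parse_users and mixed_privilege_users are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout shown in the post (not real data).
SAMPLE = """\
UserOne
    Tacacs-Group = ADMIN
UserTwo NAS-IP-Address = 111.111.111.111
    Tacacs-Group = READONLY
UserTwo NAS-IP-Address = 222.222.222.222
    Tacacs-Group = ADMIN
UserThree NAS-IP-Address = 222.222.222.222
    Tacacs-Group = READNOCONFIG
"""

# attribute = value pairs; values may be bare or double-quoted
ITEM = re.compile(r'([\w-]+)\s*=\s*("[^"]*"|[^,\s]+)')


def _items(text):
    return {k: v.strip('"') for k, v in ITEM.findall(text)}


def parse_users(text):
    """Return a list of (user, check_items, reply_items) tuples."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":              # indented line: reply items
            if entries:
                entries[-1][2].update(_items(line))
        else:                             # new entry: user + check items
            parts = line.split(None, 1)
            check = _items(parts[1]) if len(parts) > 1 else {}
            entries.append((parts[0], check, {}))
    return entries


def mixed_privilege_users(entries):
    """Map user -> {device: group} for users with more than one group."""
    per_user = defaultdict(dict)
    for user, check, reply in entries:
        device = check.get("NAS-IP-Address", "*")   # "*" = no device restriction
        per_user[user][device] = reply.get("Tacacs-Group")
    return {u: d for u, d in per_user.items() if len(set(d.values())) > 1}


if __name__ == "__main__":
    for user, devices in mixed_privilege_users(parse_users(SAMPLE)).items():
        print(user, devices)
```

To cover many per-device files, concatenate the entry lists returned by parse_users for each file before calling mixed_privilege_users.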