[RADIATOR] RADGROUPAUTH and RADUSERS

Heikki Vatiainen hvn at open.com.au
Mon Nov 12 05:03:49 CST 2012


On 11/10/2012 05:21 PM, Murat Bilal wrote:

> I added a new user from RADMIN but it always uses the group2 defined in
> the <ServerTACACSPLUS> clause, although the user does not belong to any group.
> 
> My <ServerTACACSPLUS> includes two groups but the reply always comes from
> group2. I am very confused. Please help.

Try this:

1. Use OSC-AVPAIR as the group attribute in Radmin. That is, add the
users and then add OSC-AVPAIR for the users with desired group value
(group1, group2, ...) as the value.

2. Change GroupMemberAttr in ServerTACACSPLUS to OSC-AVPAIR

The default UserAttrQuery should then retrieve OSC-AVPAIR from the
Radmin DB and return it with the reply to ServerTACACSPLUS. The
ServerTACACSPLUS clause will then use the value of OSC-AVPAIR to do the
AuthorizeGroup matching.

Thanks,
Heikki


> <ServerTACACSPLUS>
>     AddToRequest OSC-Group-Identifier = group1
>     AddToRequest OSC-Group-Identifier = group2
>     AuthorizeGroup group1 permit service=shell cmd=\* {cisco-avpair="priv-lvl=15"}
>     GroupMemberAttr OSC-Group-Identifier
>     AuthorizeGroup group1 permit service=shell cmd=show cmd-args=.*
>     AuthorizeGroup group1 permit .*
> 
>     AuthorizeGroup group2 deny .*
> </ServerTACACSPLUS>
> 
> My sample radius.cfg is in the attachment.


-- 
Heikki Vatiainen <hvn at open.com.au>
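
Added example, not part of the original message and not taken from Radiator's documentation: the clause from the quoted question with the two steps above applied. It assumes every Radmin user carries an OSC-AVPAIR value of group1 or group2, and it leaves out the two AddToRequest OSC-Group-Identifier lines on the assumption that the group should come only from that per-user attribute.

```conf
<ServerTACACSPLUS>
    # Step 2: take the group name from the OSC-AVPAIR reply attribute,
    # which the default UserAttrQuery reads from the Radmin DB (step 1
    # stores group1 or group2 there for each user).
    GroupMemberAttr OSC-AVPAIR

    # Rules for users whose OSC-AVPAIR is group1 (copied from the question)
    AuthorizeGroup group1 permit service=shell cmd=\* {cisco-avpair="priv-lvl=15"}
    AuthorizeGroup group1 permit service=shell cmd=show cmd-args=.*
    AuthorizeGroup group1 permit .*

    # Rules for users whose OSC-AVPAIR is group2 (copied from the question)
    AuthorizeGroup group2 deny .*
</ServerTACACSPLUS>
```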
