[RADIATOR] Radmin Web interface
Heikki Vatiainen
hvn at open.com.au
Thu Nov 29 06:58:07 CST 2012
On 11/28/2012 11:16 PM, Murat Bilal wrote:
> In <ServerTACACSPlus> clause I have rules for command auth such as below:
> AuthorizeGroup DDAP6 permit service=shell cmd\* {priv-lvl=6}
> AuthorizeGroup DDAP6 deny service=shell cmd=show cmd-arg=.*
> AuthorizeGroup DDAP6 deny service=shell cmd=ping cmd-arg=.*
> AuthorizeGroup DDAP6 permit .* {}
> Is it possible to write these rules from Radmin Web interface?If so in
> which table .I am using the latest Radmin and Radiator version
Hello Murat,
yes, this is possible. Just add each line as e.g., OSC-Authorize-Group
with Radmin. That is, the user should have four OSC-Authorize-Group
reply attributes.
Then configure your <ServerTACACSPLUS> with
AuthorizeGroupAttr OSC-Authorize-Group
When you authenticate, the Access-Accept should have:
OSC-Authorize-Group = "permit service=shell cmd\* {priv-lvl=6}"
OSC-Authorize-Group = "deny service=shell cmd=show cmd-arg=.*"
OSC-Authorize-Group = "deny service=shell cmd=ping cmd-arg=.*"
OSC-Authorize-Group = "permit .* {}"
OSC-Group-Identifier = "group1"
Here OSC-Group-Identifier is configured as GroupMemberAttr. This will
set 'group1' as the authorization group for the user. During the
authorization the OSC-Authorize-Group attribute values are processed
first followed by group1 values as defined by AuthorizeGroup
configuration options.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list