[RADIATOR] Radmin Web interface

Heikki Vatiainen hvn at open.com.au
Fri Nov 30 04:24:22 CST 2012


On 11/30/2012 01:07 AM, Murat Bilal wrote:

> I do not understand. I want to edit those commands from Radmin Web Interface, not in /etc/radiator/radiator.cfg

Hello Murat,

please see below, I was describing doing this with Radmin. With Radmin
you need to add each line as a reply attribute. The attribute name (such
as OSC-Authorize-Group) is then configured as AuthorizeGroupAttr in
<ServerTACACSPLUS>.

Thanks,
Heikki

> -----Original Message-----
> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
> Sent: Thursday, 29 November 2012 14:58
> To: radiator at open.com.au
> Subject: Re: [RADIATOR] Radmin Web interface
> 
> On 11/28/2012 11:16 PM, Murat Bilal wrote:
> 
>> In <ServerTACACSPlus> clause I have rules for command auth such as below:
>>          AuthorizeGroup DDAP6  permit service=shell cmd\* {priv-lvl=6}
>>          AuthorizeGroup DDAP6 deny service=shell cmd=show cmd-arg=.*
>>          AuthorizeGroup DDAP6  deny service=shell cmd=ping cmd-arg=.*
>>          AuthorizeGroup DDAP6 permit .* {}
> 
>> Is it possible to write these rules from Radmin Web interface? If so, in
>> which table? I am using the latest Radmin and Radiator version.
> 
> Hello Murat,
> 
> yes, this is possible. Just add each line as e.g., OSC-Authorize-Group with Radmin. That is, the user should have four OSC-Authorize-Group reply attributes.
> 
> Then configure your <ServerTACACSPLUS> with
>   AuthorizeGroupAttr OSC-Authorize-Group
> 
> When you authenticate, the Access-Accept should have:
> 	OSC-Authorize-Group = "permit service=shell cmd\* {priv-lvl=6}"
> 	OSC-Authorize-Group = "deny service=shell cmd=show cmd-arg=.*"
> 	OSC-Authorize-Group = "deny service=shell cmd=ping cmd-arg=.*"
> 	OSC-Authorize-Group = "permit .* {}"
> 	OSC-Group-Identifier = "group1"
> 
> Here OSC-Group-Identifier is configured as GroupMemberAttr. This will set 'group1' as the authorization group for the user. During the authorization the OSC-Authorize-Group attribute values are processed first followed by group1 values as defined by AuthorizeGroup configuration options.
> 
> Thanks,
> Heikki
> 
> 
> --
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.


-- 
Heikki Vatiainen <hvn at open.com.au>
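
A simplified model of the evaluation order described in this thread (per-user OSC-Authorize-Group values first, then the group's AuthorizeGroup rules), added here as an example; it is not Radiator's code and not from the thread's authors. First-match-wins, positional unanchored regex matching, and the `group1` rule shown are assumptions.

```python
import re

# Constructed from the thread: the four per-user OSC-Authorize-Group values.
USER_RULES = [
    r"permit service=shell cmd\* {priv-lvl=6}",
    r"deny service=shell cmd=show cmd-arg=.*",
    r"deny service=shell cmd=ping cmd-arg=.*",
    r"permit .* {}",
]
# Hypothetical AuthorizeGroup rule for 'group1' (the thread does not list any).
GROUP_RULES = [r"deny .*"]


def parse_rule(text):
    """Split 'permit|deny pattern... [{attr=val ...}]' into its parts."""
    m = re.match(r"\s*(permit|deny)\s+(.*?)\s*(?:\{(.*)\})?\s*$", text)
    if not m:
        raise ValueError(f"malformed rule: {text!r}")
    action, patterns, attrs = m.group(1), m.group(2).split(), m.group(3)
    return action, patterns, (attrs or "").split()


def authorize(args, user_rules, group_rules):
    """Return (action, reply_attrs, source) of the first matching rule, or None."""
    # Per-user rules are checked before the group's rules, as the thread states.
    ordered = [("user", r) for r in user_rules] + [("group", r) for r in group_rules]
    for source, text in ordered:
        action, patterns, attrs = parse_rule(text)
        # Assumption: pattern i is an unanchored regex tested against argument i,
        # and a rule with more patterns than the request has arguments is skipped.
        if len(patterns) <= len(args) and all(
            re.search(p, a) for p, a in zip(patterns, args)
        ):
            return action, attrs, source
    return None  # nothing matched; the server's own default would apply


if __name__ == "__main__":
    # Constructed TACACS+ authorization requests (argument lists).
    for req in (
        ["service=shell", "cmd*"],
        ["service=shell", "cmd=show", "cmd-arg=running-config"],
        ["service=shell", "cmd=configure", "cmd-arg=terminal"],
    ):
        print(req, "->", authorize(req, USER_RULES, GROUP_RULES))
```

In this model the per-user `permit .* {}` catch-all matches before any `group1` rule is consulted, so the group rules only take effect for users without such a catch-all.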
