[RADIATOR] Ideas on group and reply attribs parsing

Garry Shtern Garry.Shtern at twosigma.com
Fri Apr 5 15:17:39 CDT 2013


Hi Hugh,

I am not quite clear on how this would help me.  Fall-Through controls whether we will continue looking even after a REJECT. That's not what I want.  I am looking to augment AuthBy FILE to match against the groups that we retrieved in AuthBy LDAP2.  I want to return as soon as the first Group= is matched and reject if none are matched...

Thanks,

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Friday, April 05, 2013 3:30 AM
To: Garry Shtern
Cc: 'Heikki Vatiainen'; radiator at open.com.au
Subject: Re: [RADIATOR] Ideas on group and reply attribs parsing


Hi Garry -

You probably want "Fall-Through" in your first set of DEFAULT entries.

See the following section in "doc/ref.pdf":
 

13.2.7 Fall-Through

This attribute is not actually returned to the NAS. Its presence causes Radiator to continue looking for a match with the next DEFAULT user name.

        Fall-Through = yes


regards

Hugh


On 5 Apr 2013, at 08:04, Garry Shtern <Garry.Shtern at twosigma.com> wrote:

> I actually did.  It's similar to what I want to do, with the exception of the fact that I want to store the group to reply mappings in local files, rather than SQL server. 
> 
> I am thinking of using a hook to create a "userIsInGroup" function local to AuthBy FILE.  What do you think?
> 
> -----Original Message-----
> From: radiator-bounces at open.com.au 
> [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
> Sent: Thursday, April 04, 2013 4:47 PM
> To: radiator at open.com.au
> Subject: Re: [RADIATOR] Ideas on group and reply attribs parsing
> 
> On 04/04/2013 11:24 PM, Garry Shtern wrote:
> 
>> Thanks for the pointer.  What I want to accomplish (forgetting about 
>> the actual code), it define all of my users in a single file.  And in 
>> the same file to be able to distinguish which reply attributes are 
>> returned based on the RADIUS client.
> 
> It's getting a bit late here, so I'll now just ask if you have noticed goodies/lookupauthgroup.pl? It uses SQL, but could still be useful as another pointer.
> 
> Thanks,
> Heikki
> 
> --
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.



More information about the radiator mailing list