[RADIATOR] Is this config possible?
Johnson, Neil M
neil-johnson at uiowa.edu
Thu Oct 29 13:18:19 CDT 2015
I would like to authenticate users against the system’s UNIX password file and then return attributes based on the UNIX group the user belongs to.
Will the following work?
Thanks!
-Neil
Example Config:
##### In the radius.cfg file...
####
# Client Definitions
####
<Client 192.168.5.1/32>
    Identifier CiscoRouter
    Secret Shhhh1!
</Client>
<Client 192.168.10.2/32>
    Identifier WirelessController
    Secret Shhhh2!
</Client>
####
# AuthBy Clauses
####
<AuthBy UNIX>
    Identifier System
    Filename /etc/shadow
    Nocache
</AuthBy>
####
# Realms
####
<Realm DEFAULT>
    <AuthBy FILE>
    </AuthBy>
</Realm>
#### In the users file ....
# Allow non-admin access to Cisco Routers
DEFAULT Auth-Type = System, Client-Identifier = CiscoRouter, Group = CiscoRouterUsers
# Return NON enabled privileges attributes
# Allow admin access to Cisco Routers
DEFAULT Auth-Type = System, Client-Identifier = CiscoRouter, Group = CiscoRouterAdmins
# Return ENABLED privileges attributes
AddToReply Session-Timeout=0,cisco-avpair=shell:roles="network-admin"
# Allow non-admin access to Wireless Controller
DEFAULT Auth-Type = System, Client-Identifier = WirelessController, Group = WirelessUsers
# Return NON enabled privileges attributes
# Allow admin access to Wireless Controller
DEFAULT Auth-Type = System, Client-Identifier = WirelessController, Group = WirelessAdmins
# Return enabled privileges attributes
AddToReply Session-Timeout=0,Callback-Number=admin
... etc.
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
E-Mail: neil-johnson at uiowa.edu