[RADIATOR] <AuthBy FILE> syntax
John Goubeaux
goubeaux at education.ucsb.edu
Tue May 10 13:58:00 CDT 2016
Hi Folks,
Radiator 4.12.1
I'm attempting to add another <AuthBy FILE> statement in the below
<AuthBy GROUP> block that will ACCEPT a user/pass combo IF they are
in the FILE, preferably after first checking the <AuthBy LDAP2>
method.
I need to keep the first two <AuthBy FILE> methods, as they are
Blacklist files AND it appears that I need to use AuthByPolicy
ContinueWhileAccept as my GROUP policy for this to work.
So, the question is CAN I insert another <AuthBy FILE> method after
<AuthBy LDAP2> and will this work as I want IF the user is not in the
LDAP Directory, e.g. IF LDAP fails will it drop down to the next
<AuthBy> statement? OR do I need to add another <AuthBy GROUP>
altogether in order for this to work?
Thanks for any assistance!
-john
<AuthBy GROUP>
    AuthByPolicy ContinueWhileAccept
    # Make sure MAC address is not blacklisted..
    <AuthBy FILE>
        NoEAP
        # Calling-Station-Id attribute is the user's MAC in this case.
        AuthenticateAttribute Calling-Station-Id
        AcceptIfMissing
        Filename /etc/radiator/MacAddrBlacklist.txt
    </AuthBy>
    # Make sure USERNAME is not blacklisted..
    <AuthBy FILE>
        NoEAP
        AcceptIfMissing
        Filename /etc/radiator/UsernameBlacklist.txt
    </AuthBy>
    <AuthBy LDAP2>
        ### #Directory server info
        Host directory.ucsb.edu
        Port 636
        BaseDN o=ucsb
        #This specifies the attribute that must be present
        #to allow authentication. Everyone has a uid....
        UsernameAttr uid
        ServerChecksPassword
        # This IS used for TLS or SSL between RADIATOR and LDAP....
        UseSSL
        SSLCAFile /etc/radiator/certs/demoCA/cacert.pem
        SSLVerify none
        #HoldServerConnection
        Timeout 2
        FailureBackoffTime 30
        Version 3
    </AuthBy>
</AuthBy>
--
John Goubeaux
Systems Administrator
Gevirtz Graduate School of Education
UC Santa Barbara
Education 4203C
805 893-8190