[RADIATOR] <AuthBy FILE> syntax

John Goubeaux goubeaux at education.ucsb.edu
Tue May 10 13:58:00 CDT 2016


Hi Folks,

Radiator 4.12.1

I'm attempting to add another  <AuthBy FILE>  statement in the below 
<AuthBy GROUP>  block that  will ACCEPT a user/pass combo IF they are 
in the FILE,  preferably after first checking the <AuthBy LDAP2> 
method.

I need to keep the first  two <AuthBy FILE>  methods, as they are 
Blacklist files AND it appears that I need to use AuthByPolicy 
ContinueWhileAccept as my GROUP policy for this to work.

So, the question is CAN I insert another <AuthBy FILE> method after 
<AuthBy LDAP2> and will this work as I want IF the user is not in the 
LDAP Directory, e.g. IF LDAP fails will it drop down to the next 
<AuthBy> statement? OR do I need to add another <AuthBy GROUP> 
altogether in order for this to work?

Thanks for any assistance !

-john






<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
         # Make sure MAC address is not blacklisted..
         <AuthBy FILE>
                 NoEAP
                 # Calling-Station-Id attribute is the user's MAC in this case.
                 AuthenticateAttribute Calling-Station-Id
                 AcceptIfMissing
                 Filename /etc/radiator/MacAddrBlacklist.txt
         </AuthBy>
         # Make sure USERNAME is not blacklisted..
         <AuthBy FILE>
                 NoEAP
                 AcceptIfMissing
                 Filename /etc/radiator/UsernameBlacklist.txt
         </AuthBy>

         <AuthBy LDAP2>
                 ### #Directory server info
                 Host            directory.ucsb.edu
                 Port            636
                 BaseDN          o=ucsb

                 #This specifies the attribute that must be present
                 #to allow authentication. Everyone has a uid....
                 UsernameAttr    uid
                 ServerChecksPassword


                 # This IS used for TLS or SSL between RADIATOR and LDAP....
                 UseSSL
                 SSLCAFile               /etc/radiator/certs/demoCA/cacert.pem
                 SSLVerify               none
                 #HoldServerConnection
                 Timeout                 2
                 FailureBackoffTime      30
                 Version 3
         </AuthBy>
</AuthBy>








-- 
John Goubeaux
Systems Administrator
Gevirtz Graduate School of Education
UC Santa Barbara
Education 4203C
805 893-8190
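
One way to get the fall-through asked about above, as an added example that is not part of the original post or of Radiator's shipped configuration: nest LDAP2 and the new FILE clause in an inner <AuthBy GROUP> with AuthByPolicy ContinueUntilAccept, so the outer ContinueWhileAccept group still stops at the first blacklist rejection. The file name LocalUsers.txt is a hypothetical placeholder, and SSLVerify is set to require here (the posted config uses none) on the assumption that cacert.pem is the CA that signed the directory server's certificate.

```conf
<AuthBy GROUP>
        # Outer group: every clause must accept, so a blacklist hit rejects at once.
        AuthByPolicy ContinueWhileAccept
        <AuthBy FILE>
                NoEAP
                AuthenticateAttribute Calling-Station-Id
                AcceptIfMissing
                Filename /etc/radiator/MacAddrBlacklist.txt
        </AuthBy>
        <AuthBy FILE>
                NoEAP
                AcceptIfMissing
                Filename /etc/radiator/UsernameBlacklist.txt
        </AuthBy>
        # Inner group: try LDAP first, then the local file; the first accept wins.
        <AuthBy GROUP>
                AuthByPolicy ContinueUntilAccept
                <AuthBy LDAP2>
                        Host                    directory.ucsb.edu
                        Port                    636
                        BaseDN                  o=ucsb
                        UsernameAttr            uid
                        ServerChecksPassword
                        UseSSL
                        SSLCAFile               /etc/radiator/certs/demoCA/cacert.pem
                        # Assumption: cacert.pem signed the server certificate.
                        SSLVerify               require
                        Timeout                 2
                        FailureBackoffTime      30
                        Version                 3
                </AuthBy>
                # Reached only when LDAP2 did not accept (reject or ignore).
                <AuthBy FILE>
                        # Hypothetical path for the locally accepted users.
                        Filename /etc/radiator/LocalUsers.txt
                </AuthBy>
        </AuthBy>
</AuthBy>
```

With this policy a user who exists in both the directory and the file can be accepted by the file entry after an LDAP password failure, so the file is best limited to accounts that are not in LDAP.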

