[RADIATOR] matching based on one value of an attribute multiple times in request

Tuure Vartiainen vartiait at open.com.au
Thu Jul 13 13:21:31 UTC 2017


Hi,

> On 13 Jul 2017, at 15.56, Hartmaier Alexander <alexander.hartmaier at t-systems.at> wrote:
> 
> On 2017-07-13 14:19, Tuure Vartiainen wrote:
>> 
>> 
>> So OSC-Authorize-Group attributes define group ids which are allowed to log in
>> to that device?
> It's added metadata for the request which includes all groups the device
> is a member of.
>> 
>>> A Handler for example matches on OSC-Authorize-Group=123, which works as
>>> long as the device is only a member of this single group but not if in
>>> multiple like in the above example.
>>> 
>> How is mapping to user groups done within a handler?
>> 
>> One option could be DynamicCheck which can be used for implementing a group check?
>> 
>> http://www.open.com.au/radiator/ref/DynamicCheck.html#DynamicCheck
> One handler per group, the AuthBy SQL only includes users authorized for
> that group of devices.
> The goal is to allow everybody in our team to modify the group
> membership through our NMS without any knowledge of Radiator or config
> change there.
> 
> <Handler Client-Identifier=radius-proxy-1, OSC-Authorize-Group=123>
> 

Ok.

>> 
>>> I haven't found an example of how to match on the value of an attribute
>>> which occurs multiple times in the authentication request, is it possible?
>>> 
>> Unfortunately not currently. I created a feature request for this.
> Thanks! Any idea how long that might take to implement?

I’ll send you a patch to test.


BR
-- 
Tuure Vartiainen <vartiait at open.com.au>
