[RADIATOR] Multiple Users in a Flat File

Johnson, Neil M neil-johnson at uiowa.edu
Tue Jan 16 23:00:01 UTC 2018


The problem is I have 16 different types of equipment that require different RADIUS attribute values returned, depending on the user.

i.e A user may get read-only access to equipment type A, but need full-access to equipment type B.

Am I going to have to setup 16 different handlers, and 16 different flat files?

Any suggestions on a better way to do that? 

Thanks!

-Neil


On 1/16/18, 4:40 PM, "Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> wrote:

    On 16 Jan 2018, at 22:10, Johnson, Neil M wrote:
    
    > I’m guessing this has been answered, but my Google skills are 
    > failing me today.
    >
    > I need to return different RADIUS attributes to devices based on the 
    > client identifier.
    >
    > I tried making the entries in the users file like this:
    >
    > #
    > # rasauser is used by netinisight to log into controllers and Airwave 
    > as a read only user
    > #
    > # AMP Servers
    > lu_rasauser User-Password = “secret”, Client-Identifier = 
    > AMP_Clients
    >         Session-Timeout=0,Aruba-Admin-Role="Admin"
    >
    > # WLAN Controllers:
    > lu_rasauser User-Password = “secret”, Client-Identifier = 
    > Aruba_WLAN_CTRL_Clients
    >         Session-Timeout=0,Aruba-Admin-Role="read-only"
    >
    > But it appears that it always only matches the first entry in the 
    > file.
    
    Not matches, but picks.  findUser() in AuthGeneric will call that 
    function in AuthFILE and that will always only match the first user, 
    take the check and reply attributes, create a new object and return it;  
    if the check attributes don’t match you basically lost.
    
    
    > Is there as way to to do this?
    
    With text files, use multiple AuthBy FILE clauses with two (or how many 
    duplicate user names with different check item you have) different files 
    in your handler with a suitable policy, e.g. ContinueUntilAccept.
    
    Something like this:
    
      <Handler>
          AuthByPolicy ContinueUntilAccept
    
          <AuthBy FILE>
               Filename AMP_Clients
          </AuthBy>
    
          <AuthBy FILE>
               Filename Aruba_WLAN_CTRL_Clients
          </AuthBy>
      </Handler>
    
    



More information about the radiator mailing list