[RADIATOR] Multiple Users in a Flat File

Hugh Irvine hugh at open.com.au
Wed Jan 17 06:51:53 UTC 2018 

Hello Neil -

The other way to do this is with DEFAULT users, which may or may not be simpler depending on how many users you have.

In my opinion however, separate Handlers for each Client-Identifier is much clearer.

regards

Hugh


> On 17 Jan 2018, at 10:00, Johnson, Neil M <neil-johnson at uiowa.edu> wrote:
> 
> The problem is I have 16 different types of equipment that require different RADIUS attribute values returned, depending on the user.
> 
> i.e A user may get read-only access to equipment type A, but need full-access to equipment type B.
> 
> Am I going to have to setup 16 different handlers, and 16 different flat files?
> 
> Any suggestions on a better way to do that? 
> 
> Thanks!
> 
> -Neil
> 
> 
> On 1/16/18, 4:40 PM, "Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> wrote:
> 
>    On 16 Jan 2018, at 22:10, Johnson, Neil M wrote:
> 
>> I’m guessing this has been answered, but my Google skills are 
>> failing me today.
>> 
>> I need to return different RADIUS attributes to devices based on the 
>> client identifier.
>> 
>> I tried making the entries in the users file like this:
>> 
>> #
>> # rasauser is used by netinisight to log into controllers and Airwave 
>> as a read only user
>> #
>> # AMP Servers
>> lu_rasauser User-Password = “secret”, Client-Identifier = 
>> AMP_Clients
>>        Session-Timeout=0,Aruba-Admin-Role="Admin"
>> 
>> # WLAN Controllers:
>> lu_rasauser User-Password = “secret”, Client-Identifier = 
>> Aruba_WLAN_CTRL_Clients
>>        Session-Timeout=0,Aruba-Admin-Role="read-only"
>> 
>> But it appears that it always only matches the first entry in the 
>> file.
> 
>    Not matches, but picks.  findUser() in AuthGeneric will call that 
>    function in AuthFILE and that will always only match the first user, 
>    take the check and reply attributes, create a new object and return it;  
>    if the check attributes don’t match you basically lost.
> 
> 
>> Is there as way to to do this?
> 
>    With text files, use multiple AuthBy FILE clauses with two (or how many 
>    duplicate user names with different check item you have) different files 
>    in your handler with a suitable policy, e.g. ContinueUntilAccept.
> 
>    Something like this:
> 
>      <Handler>
>          AuthByPolicy ContinueUntilAccept
> 
>          <AuthBy FILE>
>               Filename AMP_Clients
>          </AuthBy>
> 
>          <AuthBy FILE>
>               Filename Aruba_WLAN_CTRL_Clients
>          </AuthBy>
>      </Handler>
> 
> 
> 
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> http://lists.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list