On Jan 7, 2005, at 3:32 PM, Dustin Doris wrote:



On Fri, 7 Jan 2005, Dustin Doris wrote:

Maybe you can do groups. For example, set up an unlimited group
and a read_only group. Then put the users into the appropriate group.


Have your users file say something like:

DEFAULT  Huntgroup-Name == Juniper, Group == "unlimited"
        Juniper-Local-User-Name = "UNLIMITED"

DEFAULT Huntgroup-Name == Juniper, Group == "read_only"
        Juniper-Local-User-Name = "READ_ONLY"

This seems like the answer, but I am again being stupid and must be missing
something. When I try to log in now, I get authenticated, but the Attributes
never get sent back. Here is what I have defined:
----------------------------------------------------------------
DEFAULT Group == "J-UNRESTRICTED", Huntgroup-Name == JUNIPER
        Juniper-Local-User-Name = "UNRESTRICTED",
        Fall-Through = Yes

DEFAULT Group == "R-UNRESTRICTED", Huntgroup-Name == RIVERSTONE
        Riverstone-User-Level = 15,
        Fall-Through = Yes

jfeger  Auth-Type = System
        Group = "J-UNRESTRICTED"


I think that you can't put the group a user is in in the users file. I
would suggest putting your users and groups into some type of backend like
MySQL or LDAP. I believe you could also get what you want in the password
module, with something like what is in the etc_group module in the default
radiusd.conf file. Or you can use the unix module and store all your
users and groups in /etc/passwd, /etc/shadow, /etc/group. That would mean
having local users on that machine, however.

Remember that the users file is parsed top down.

Reverse the order of the logic, and you should get it to work. Also note
the use of the 'set' operator ':='.


jimbob   Group := "J-UNRESTRICTED"
        Fall-Through = Yes

billybob Group := "J-RESTRICTED"
        Fall-Through = Yes

DEFAULT  Group == "J-UNRESTRICTED", Huntgroup-Name == "JUNIPER"
        Juniper-Local-User-Name = "unrestricted",
        Fall-Through = Yes

DEFAULT  Group == "J-RESTRICTED", Huntgroup-Name == "JUNIPER"
        Juniper-Local-User-Name = "unrestricted",
        Fall-Through = Yes

DEFAULT  Auth-Type = System

-Chris
--
   \\\|||///  \ StarNet - A US LEC Company \         Chris Parker
   \ ~   ~ /   \  Wholesale Internet        \   Director, Engineering
   | @   @ |    \   http://www.megapop.net   \   (847) 963-0116 x321
oOo---(_)---oOo--\------------------------------------------------------
     VoiceEclipse, The Fresh Alternative http://www.voiceeclipse.com
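
The top-down ordering point in the reply above, as an added example that is not part of the original thread and is not FreeRADIUS code: a simplified Python model of users-file evaluation. It assumes request and control attributes share one dictionary and that Huntgroup-Name is already set on the request; the entries are constructed sample data mirroring the ordering in the reply.

```python
# Simplified model of top-down "users" file evaluation (assumption: this is
# an illustration, not FreeRADIUS's parser). An entry is
# (name, check_items, reply_items, fall_through); a check item is
# (attribute, operator, value) with "==" compare, ":=" set, "=" set-if-absent.

def evaluate(entries, username, request):
    """Walk entries in file order and return the reply attributes collected."""
    attrs = dict(request)  # request + control attributes, merged for simplicity
    reply = {}
    for name, checks, replies, fall_through in entries:
        if name not in (username, "DEFAULT"):
            continue
        # Every "==" check must hold against what is known *at this point*.
        if not all(attrs.get(a) == v for a, op, v in checks if op == "=="):
            continue
        for attr, op, value in checks:
            if op == ":=":
                attrs[attr] = value            # set or replace
            elif op == "=":
                attrs.setdefault(attr, value)  # set only if absent
        reply.update(replies)
        if not fall_through:
            break  # without Fall-Through = Yes, processing stops here
    return reply

# Constructed sample entries.
USER = ("jimbob", [("Group", ":=", "J-UNRESTRICTED")], {}, True)
RULE = ("DEFAULT",
        [("Group", "==", "J-UNRESTRICTED"), ("Huntgroup-Name", "==", "JUNIPER")],
        {"Juniper-Local-User-Name": "unrestricted"}, True)
LAST = ("DEFAULT", [("Auth-Type", "=", "System")], {}, False)

REQUEST = {"Huntgroup-Name": "JUNIPER"}  # constructed request attributes

if __name__ == "__main__":
    # User entry first: Group is set before the DEFAULT rule tests it.
    print("user first:", evaluate([USER, RULE, LAST], "jimbob", REQUEST))
    # DEFAULT rule first: Group is still unset when tested, so no reply items.
    print("rule first:", evaluate([RULE, USER, LAST], "jimbob", REQUEST))
```

With the group rule ahead of the user entry, the login is still accepted by the final DEFAULT but carries no privilege-mapping attribute, which matches the symptom reported earlier in the thread.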

