Sorry for the delay in follow-up; it looks like this may do exactly what
we need. You've been a great help!

As usual, I do have another question. :-) This doesn't appear to be
working for primary groups, only for userids specified explicitly in
the /etc/group file. I saw some discussion about this in the archive,
but didn't find a definitive answer. Does 2.14.1 find the primary
group info when using /etc/shadow instead of /etc/passwd as the file
for AuthBy UNIX?

We have way too many userids to be able to enter them in the /etc/group
file, unfortunately. If the primary group won't work, do you have any
other recommendations for how to handle this? Thanks again for your
time!

Dawn Lovell
[EMAIL PROTECTED]

At 09:56 AM 10/20/99 +1000, Hugh Irvine wrote:
>OK - here's a plan:
>
>In your users file have two default entries (or more), one per group. Then
>return a Class attribute depending on the group and use the Class attribute
>for your AcctLogFileName.
>
># Users file with multiple DEFAULTS
># Return Class Attribute which will then appear in Accounting requests
>
>DEFAULT Auth-Type = System, Group = Trial, NAS-Port-Type = Async
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Address = 255.255.255.254,
> Framed-Netmask = 255.255.255.255,
> Reply-Message="choice: ",
> Port-Limit = 1,
> Idle-Timeout = 1200,
> Session-Timeout = 28800,
> Class = trial
>
>DEFAULT Auth-Type = System, Group = Customer, NAS-Port-Type = Async
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Address = 255.255.255.254,
> Framed-Netmask = 255.255.255.255,
> Reply-Message="choice: ",
> Port-Limit = 1,
> Idle-Timeout = 1200,
> Session-Timeout = 28800,
> Class = customer
>
># Configuration to handle accounting with AcctLogFileName and %{Class}
>
>AuthPort 1812
>AcctPort 1813
>LogDir /var/adm/radacct
>DbDir /etc/raddb
>SnmpgetProg /usr/local/bin/snmpget
>
><SessionDatabase DBM>
> Filename %D/online
></SessionDatabase>
>...
><Client localhost>
> Secret <not shown>
> DupInterval 300
></Client>
>...
><AuthBy UNIX>
> Identifier System
> Filename /etc/shadow
> DefaultSimultaneousUse 1
></AuthBy>
>
><Handler>
> <AuthBy FILE>
> # The filename defaults to %D/users
> </AuthBy>
> AcctLogFileName %L/%N/detail.%{Class}
></Handler>
>
>Thanks to Mike for the very excellent suggestion!
>
>hth
>
>Hugh
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>NT, Rhapsody
>
>===
>Archive at http://www.thesite.com.au/~radiator/
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
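
An added illustration of the primary-group question raised in this thread (not part of the original messages, and not Radiator code): on a standard Unix system a user's primary group exists only as the GID field of /etc/passwd, /etc/group lists supplementary members, and /etc/shadow has no GID field at all. The sample records and the function names `parse` and `groups_for` are constructed for this example.

```python
# Constructed sample records; not real accounts or real password hashes.
PASSWD = """\
alice:x:1001:200:Alice:/home/alice:/bin/sh
bob:x:1002:201:Bob:/home/bob:/bin/sh
carol:x:1003:200:Carol:/home/carol:/bin/sh
"""
SHADOW = """\
alice:$1$constructed$hash:10885:0:99999:7:::
bob:$1$constructed$hash:10885:0:99999:7:::
carol:$1$constructed$hash:10885:0:99999:7:::
"""
GROUP = """\
Trial:x:200:
Customer:x:201:carol
"""

def parse(text):
    """Split colon-separated records, skipping blank and comment lines."""
    return [l.split(":") for l in text.splitlines() if l and not l.startswith("#")]

def groups_for(user, account_text, group_text):
    """Return (primary_group, supplementary_groups) for user.

    account_text may be passwd- or shadow-format. Only a 7-field passwd
    record carries a GID; a 9-field shadow record does not, so primary
    is None for it. Field 4 of a shadow record is the minimum password
    age, and reading it as a GID would map "0" to the GID 0 group.
    """
    groups = parse(group_text)
    gid_to_name = {g[2]: g[0] for g in groups if len(g) >= 3}
    primary = None
    for rec in parse(account_text):
        # passwd(5): name:passwd:UID:GID:gecos:dir:shell
        if rec[0] == user and len(rec) == 7 and rec[3].isdigit():
            primary = gid_to_name.get(rec[3])
    # group(5): name:passwd:GID:comma-separated member list
    supplementary = sorted(
        g[0] for g in groups if len(g) >= 4 and user in g[3].split(",")
    )
    return primary, supplementary

if __name__ == "__main__":
    for source, text in (("passwd", PASSWD), ("shadow", SHADOW)):
        for user in ("alice", "bob", "carol"):
            print(source, user, groups_for(user, text, GROUP))
```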