Hello Jaafar -

You will need to use AuthBy GROUPs for the different AuthBy policies.

# define AuthBy clauses

<AuthBy UNIX>
	Identifier System
	Filename /etc/shadow
</AuthBy>

<AuthBy SQL>
	Identifier CheckSQL
	DBSource dbi:Oracle:ahimsa
	DBUsername xxxxxx
	DBAuth xxxxxx

	DBSource dbi:Oracle:parthenon
	DBUsername xxxxxx
	DBAuth xxxxxx

	AuthSelect SELECT passwd FROM subscribers \
		WHERE name = '%n' \
		AND roam = 'T' \
		AND status = 'T'

	AuthColumnDef 0, Encrypted-Password, check
	AuthColumnDef 1, GENERIC, check
	AuthColumnDef 2, GENERIC, check
	AuthColumnDef 3, GENERIC, reply
	AuthColumnDef 4, GENERIC, reply
</AuthBy>

<AuthBy FILE>
	Identifier CheckDenyFile
	Filename %D/deny
	AcceptIfMissing
	NoDefault
</AuthBy>

<AuthBy GROUP>
	Identifier CheckSystemThenSQL
	AuthByPolicy ContinueUntilAccept
	AuthBy System
	AuthBy CheckSQL
</AuthBy>

<AuthBy GROUP>
	Identifier CheckUsers
	AuthByPolicy ContinueWhileAccept
	AuthBy CheckDenyFile
	AuthBy CheckSystemThenSQL
	AddToReply Service-Type = Framed-User, \
		Framed-Protocol = PPP, \
		Framed-IP-Netmask = 255.255.255.255
</AuthBy>

# define Handlers

<Handler Realm=/.*\.sg/>
	RewriteUsername s/^([^@]+).*/$1/
	AuthBy CheckUsers
	AcctLogFileName /radacct/%C/detail
</Handler>

regards

Hugh

At 8:53 +0800 19/7/02, Jaafar Bin Sarim wrote:
>Hello Hugh
>
>I'm unable to establish a policy that I want to achieve as described
>below:
>
>1. user access if found in the deny file will be rejected and nothing
>   else.
>
>2. user access if not found in the deny file will be checked against the
>   /etc/passwd file
>   if not found in the /etc/passwd then check with the oracle database
>
>Here's my radius configuration:
>-----------------------------------------------------
>LogDir          /var/log/radius/test
>DbDir           /usr/local/etc/raddb
>AuthPort        2112
>AcctPort        2113
>
>Trace           4
>
><Log FILE>
>        Filename %L/logfile
>        Trace 4
></Log>
>
>
><Client 165.21.81.35>
>        Secret xxxxxx
></Client>
>
><Client localhost>
>        Secret xxxxxx
></Client>
>
><Client 165.21.100.15>
>        Secret xxxxxx
></Client>
>
><Client 165.21.100.18>
>        Secret xxxxxx
></Client>
>
><AuthBy UNIX>
>        Identifier System
>        Filename /etc/shadow
></AuthBy>
>
><AuthBy SQL>
>        Identifier CheckSQL
>        DBSource        dbi:Oracle:ahimsa
>        DBUsername      xxxxxx
>        DBAuth          xxxxxx
>
>        DBSource        dbi:Oracle:parthenon
>        DBUsername      xxxxxx
>        DBAuth          xxxxxx
>
>        AuthSelect SELECT passwd FROM subscribers \
>                WHERE name = '%n' \
>                AND roam = 'T' \
>                AND status = 'T'
>
>        AuthColumnDef 0, Encrypted-Password, check
>        AuthColumnDef 1, GENERIC, check
>        AuthColumnDef 2, GENERIC, check
>        AuthColumnDef 3, GENERIC, reply
>        AuthColumnDef 4, GENERIC, reply
>
></AuthBy>
>
>
><Handler Realm=/.*\.sg/>
>        RewriteUsername s/^([^@]+).*/$1/
>        AuthByPolicy ContinueWhileReject
>        <AuthBy FILE>
>                Filename %D/deny
>        </AuthBy>
>        <AuthBy FILE>
>                Filename %D/users
>        </AuthBy>
>        AuthBy CheckSQL
>        AcctLogFileName /radacct/%C/detail
></Handler>
>
>-------------------------------------------------------------
>
>Here's my deny file:
>--------------------------------
>jaafar  Auth-Type = Reject
>
>--------------------------------
>
>Here's my users file:
>------------------------------------------
>DEFAULT Auth-Type = System
>        Service-Type = Framed-User,
>        Framed-Protocol = PPP,
>        Framed-IP-Netmask = 255.255.255.255
>-------------------------------------------
>
>
>
>Thank you.
>
>
>Best Regards
>Jaafar Sarim
>SingNet
>
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
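
An added example (not part of the original thread and not Radiator code): a small Python model of the two policy layouts discussed above, showing why the flat ContinueWhileReject chain lets a deny-listed user through while the nested groups do not. Assumptions: only ACCEPT and REJECT results are modelled, a user missing from a FILE clause without AcceptIfMissing is rejected, the users file's DEFAULT Auth-Type = System entry is collapsed into a direct call to the System check, and all names and sample accounts are constructed.

```python
ACCEPT, REJECT = "ACCEPT", "REJECT"

# Constructed sample data standing in for %D/deny, /etc/shadow and the SQL table.
DENY = {"jaafar"}
SHADOW = {"alice": "pw1", "jaafar": "pw2"}
SQL = {"bob": "pw3"}

def deny_file(accept_if_missing):
    """AuthBy FILE whose entries all carry Auth-Type = Reject."""
    def run(user, password):
        if user in DENY:
            return REJECT
        # Assumption: without AcceptIfMissing an unknown user is rejected.
        return ACCEPT if accept_if_missing else REJECT
    return run

def system(user, password):
    return ACCEPT if SHADOW.get(user) == password else REJECT

def check_sql(user, password):
    return ACCEPT if SQL.get(user) == password else REJECT

# For each policy, the test that ends the chain after a member returns.
STOP = {
    "ContinueWhileAccept": lambda r: r != ACCEPT,
    "ContinueUntilAccept": lambda r: r == ACCEPT,
    "ContinueWhileReject": lambda r: r != REJECT,
}

def group(policy, members):
    """AuthBy GROUP model: run members in order; the last result tried wins."""
    def run(user, password):
        result = REJECT
        for member in members:
            result = member(user, password)
            if STOP[policy](result):
                break
        return result
    return run

# Layout from the reply: the deny list gates a nested System-then-SQL group.
check_system_then_sql = group("ContinueUntilAccept", [system, check_sql])
check_users = group("ContinueWhileAccept", [deny_file(True), check_system_then_sql])

# Layout from the question: one flat ContinueWhileReject chain.
flat_handler = group("ContinueWhileReject", [deny_file(False), system, check_sql])

if __name__ == "__main__":
    for user, pw in [("jaafar", "pw2"), ("alice", "pw1"), ("bob", "pw3"), ("carol", "x")]:
        print(user, "nested:", check_users(user, pw), "flat:", flat_handler(user, pw))
```

In the flat chain the deny entry is just one more REJECT, so evaluation moves on and the next clause can accept the user; a deny list only works as a gate when its policy stops on the first non-accept.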