Re: (RADIATOR) Best mechanism for client -> Realm mappings?

2000-02-25 Thread Rakesh Patel 


Thanks - I ended up doing a bit more checking and in the end I chose to set up a
PreHandlerHook to convert the NAS-IP-Address to a name (NAS-Name) and used a
handler with a regular expression check for NAS-Name. I believe that will let us
do most of what we need to accomplish.

Rakesh Patel.



Mike McCauley wrote:
> 
> Hello Rakesh,
> 
> Radiator 2.15 supports a new check items Cleint-Id and NasType. Using them, you
> could set up Handlers for each type of NAS, or for each individual Client.
> 
> Handlers also allow you to specifiy the Realm as a regexp.
> 
> Therefore, you could set up a handler something like:
> 
> 
> 
> ...
> AddToReply  reply-items-suitable-for-a-livingston
> 
> 
> 
> Hope that helps.
> 
> Cheers.
> 
> On Feb 24, 12:33pm, Rakesh Patel wrote:
> > Subject: (RADIATOR) Best mechanism for client -> Realm mappings?
> >
> > I am looking for some advice - my goal is to have users with separate
> > permissions for different clients based upon client name. I am using AuthBy
> PAM
> > (kerberos) for password authentication, and requiring AuthBy File for
> specifying
> > which users are valid and defining their return attributes.
> >
> > I was considering using mulitiple realms which are defined by the client
> name,
> > with each realm using a different users file and all realms using AuthBy PAM
> for
> > password authentication.
> >
> > I was hoping to be able to easily specify the realm through some form of
> regular
> > expression (domain name). Since the  identifier doesn't support
> regular
> > expressions, how are others handling this type of situation? Seems that
> listing
> > all the IP addresses gets a bit tedious when you have even a few clients.
> >
> > Is there a way to use a single realm and do something equivalent in concept
> to
> > the following?
> >
> >   
> >   if (%C =~ /domain/ ) {
> >   Filename users.foo
> >   }
> >   if (%C =~ /domain2/ ) {
> >   Filename users.bar
> >   }
> >   
> >
> >
> > Does anyone have suggestions?
> >
> > Thanks,
> > Rakesh Patel.
> >
> > ===
> > Archive at http://www.thesite.com.au/~radiator/
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> >-- End of excerpt from Rakesh Patel
> 
> --
> Mike McCauley   [EMAIL PROTECTED]
> Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985   Fax   +61 3 9598-0955
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Best mechanism for client -> Realm mappings?

2000-02-24 Thread Mike McCauley 

Hello Rakesh,

Radiator 2.15 supports a new check items Cleint-Id and NasType. Using them, you
could set up Handlers for each type of NAS, or for each individual Client.

Handlers also allow you to specifiy the Realm as a regexp.

Therefore, you could set up a handler something like:



...
AddToReply  reply-items-suitable-for-a-livingston



Hope that helps.

Cheers.

On Feb 24, 12:33pm, Rakesh Patel wrote:
> Subject: (RADIATOR) Best mechanism for client -> Realm mappings?
>
> I am looking for some advice - my goal is to have users with separate
> permissions for different clients based upon client name. I am using AuthBy
PAM
> (kerberos) for password authentication, and requiring AuthBy File for
specifying
> which users are valid and defining their return attributes.
>
> I was considering using mulitiple realms which are defined by the client
name,
> with each realm using a different users file and all realms using AuthBy PAM
for
> password authentication.
>
> I was hoping to be able to easily specify the realm through some form of
regular
> expression (domain name). Since the  identifier doesn't support
regular
> expressions, how are others handling this type of situation? Seems that
listing
> all the IP addresses gets a bit tedious when you have even a few clients.
>
> Is there a way to use a single realm and do something equivalent in concept
to
> the following?
>
>   
>   if (%C =~ /domain/ ) {
>   Filename users.foo
>   }
>   if (%C =~ /domain2/ ) {
>   Filename users.bar
>   }
>   
>
>
> Does anyone have suggestions?
>
> Thanks,
> Rakesh Patel.
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Rakesh Patel



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.