Thanks - I ended up doing a bit more checking and in the end I chose to set up a
PreHandlerHook to convert the NAS-IP-Address to a name (NAS-Name) and used a
handler with a regular expression check for NAS-Name. I believe that will let us
do most of what we need to accomplish.
Rakesh Patel.
Mike McCauley wrote:
>
> Hello Rakesh,
>
> Radiator 2.15 supports a new check items Cleint-Id and NasType. Using them, you
> could set up Handlers for each type of NAS, or for each individual Client.
>
> Handlers also allow you to specifiy the Realm as a regexp.
>
> Therefore, you could set up a handler something like:
>
>
>
> ...
> AddToReply reply-items-suitable-for-a-livingston
>
>
>
> Hope that helps.
>
> Cheers.
>
> On Feb 24, 12:33pm, Rakesh Patel wrote:
> > Subject: (RADIATOR) Best mechanism for client -> Realm mappings?
> >
> > I am looking for some advice - my goal is to have users with separate
> > permissions for different clients based upon client name. I am using AuthBy
> PAM
> > (kerberos) for password authentication, and requiring AuthBy File for
> specifying
> > which users are valid and defining their return attributes.
> >
> > I was considering using mulitiple realms which are defined by the client
> name,
> > with each realm using a different users file and all realms using AuthBy PAM
> for
> > password authentication.
> >
> > I was hoping to be able to easily specify the realm through some form of
> regular
> > expression (domain name). Since the identifier doesn't support
> regular
> > expressions, how are others handling this type of situation? Seems that
> listing
> > all the IP addresses gets a bit tedious when you have even a few clients.
> >
> > Is there a way to use a single realm and do something equivalent in concept
> to
> > the following?
> >
> >
> > if (%C =~ /domain/ ) {
> > Filename users.foo
> > }
> > if (%C =~ /domain2/ ) {
> > Filename users.bar
> > }
> >
> >
> >
> > Does anyone have suggestions?
> >
> > Thanks,
> > Rakesh Patel.
> >
> > ===
> > Archive at http://www.thesite.com.au/~radiator/
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> >-- End of excerpt from Rakesh Patel
>
> --
> Mike McCauley [EMAIL PROTECTED]
> Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.