'[Help-gnu-radius] checking attributes per IP'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnu-radius-help
Subject:    [Help-gnu-radius] checking attributes per IP
From:       "Hakanson, David J." <hakansond () missouri ! edu>
Date:       2002-09-04 22:14:58
[Download RAW message or body]

I want to setup radius so it will authorize people from a certain
IP based on a specific Radius attribute. So for example, let people in
from 10.10.10.1 who have authenticated and have an Attribute named GROUP
= 1. We have several modem pools which require different attributes in
order to let users in. What is the best way to get this done? I haven't
found any documents in the radius manual to point me to a solution to
this problem. The scenario I wish to setup would be:
 
    Users dialing into 10.10.10.1 need to authenticate as well as have
the STUDENTS=1 attribute set.
    Users dialing into 10.10.10.2 need to authenticate as well as have
the FACSTAFF=1 attribute set.
 
My raddb/users file has entries like:
 
student_username Auth-Type = Pam,
        Auth-Data = radius
        UMC-AV = "STUDENTS=1"
 
facstaff_username Auth-Type = Pam,
        Auth-Data = radius
        UMC-AV = "FACSTAFF=1"
 
where UMC-AV is a string attribute in raddb/dictionary. Any help would
be greatly appreciated. Thanks!
 
David Hakanson
University of Missouri, Columbia
hakansond@missouri.edu

[Attachment #3 (text/html)]

<html xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:st1="urn:schemas-microsoft-com:office:smarttags" \
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 10">
<meta name=Originator content="Microsoft Word 10">
<link rel=File-List href="cid:filelist.xml@01C25436.983EB9D0">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="City"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PlaceName"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PlaceType"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="place"/>
<!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:DoNotRelyOnCSS/>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:DocumentKind>DocumentEmail</w:DocumentKind>
  <w:EnvelopeVis/>
  <w:Compatibility>
   <w:BreakWrappedTables/>
   <w:SnapToGridInCell/>
   <w:WrapTextWithPunct/>
   <w:UseAsianBreakRules/>
  </w:Compatibility>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
 </w:WordDocument>
</xml><![endif]--><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-parent:"";
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;
	text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;
	text-underline:single;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	mso-style-noshow:yes;
	mso-ansi-font-size:10.0pt;
	mso-bidi-font-size:10.0pt;
	font-family:Arial;
	mso-ascii-font-family:Arial;
	mso-hansi-font-family:Arial;
	mso-bidi-font-family:Arial;
	color:windowtext;}
span.SpellE
	{mso-style-name:"";
	mso-spl-e:yes;}
span.GramE
	{mso-style-name:"";
	mso-gram-e:yes;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;
	mso-header-margin:.5in;
	mso-footer-margin:.5in;
	mso-paper-source:0;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */ 
 table.MsoNormalTable
	{mso-style-name:"Table Normal";
	mso-tstyle-rowband-size:0;
	mso-tstyle-colband-size:0;
	mso-style-noshow:yes;
	mso-style-parent:"";
	mso-padding-alt:0in 5.4pt 0in 5.4pt;
	mso-para-margin:0in;
	mso-para-margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:10.0pt;
	font-family:"Times New Roman";}
</style>
<![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple style='tab-interval:.5in'>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><span style='mso-spacerun:yes'>&nbsp;&nbsp;&nbsp;&nbsp;
</span>I want to setup radius so it will authorize people from a certain IP
based on a specific Radius attribute. So for example, let people in from
10.10.10.1 who have authenticated and have an Attribute named GROUP = 1. We
have several modem pools which require different attributes in order to let
users in. What is the best way to get this done? I haven&#8217;t found any
documents in the radius manual to point me to a solution to this problem. The
scenario I wish to setup would be:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><span style='mso-spacerun:yes'>&nbsp;&nbsp;&nbsp;
</span>Users dialing into 10.10.10.1 need to authenticate as well as have the
STUDENTS=1 attribute set.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><span style='mso-spacerun:yes'>&nbsp;&nbsp;&nbsp;
</span>Users dialing into 10.10.10.2 need to authenticate as well as have the
FACSTAFF=1 attribute set.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>My <span class=SpellE>raddb</span>/users file has entries
like:<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><span class=SpellE><span class=GramE><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'>student_username</span></font></span></span><font
 size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> Auth-Type =
Pam,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><span
style='mso-spacerun:yes'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>Auth-Data = radius<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><span
style='mso-spacerun:yes'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>UMC-AV = &#8220;STUDENTS=1&#8221;<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><span class=SpellE><span class=GramE><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'>facstaff_username</span></font></span></span><font
 size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> Auth-Type =
Pam,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><span
style='mso-spacerun:yes'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>Auth-Data = radius<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><span
style='mso-spacerun:yes'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span>UMC-AV = &#8220;FACSTAFF=1&#8221;<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><span class=GramE><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>where</span></font></span><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> UMC-AV is a
string attribute in <span class=SpellE>raddb</span>/dictionary. Any help would
be greatly appreciated. Thanks!<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>David Hakanson<o:p></o:p></span></font></p>

<p class=MsoNormal><st1:place><st1:PlaceType><font size=2 face=Arial><span
  style='font-size:10.0pt;font-family:Arial'>University</span></font></st1:PlaceType><font
  size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> of \
</span></font><st1:PlaceName><font  size=2 face=Arial><span \
style='font-size:10.0pt;font-family:Arial'>Missouri</span></font></st1:PlaceName></st1:place><font
 size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>, \
</span></font><st1:City><st1:place><font  size=2 face=Arial><span \
style='font-size:10.0pt;font-family:Arial'>Columbia</span></font></st1:place></st1:City><font
 size=2 face=Arial><span \
style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>hakansond@missouri.edu<o:p></o:p></span></font></p>

</div>

</body>

</html>




[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic