[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] Radius Attrib mysql DB clarification...
|
From: |
Sergey Poznyakoff |
|
Subject: |
Re: [Help-gnu-radius] Radius Attrib mysql DB clarification... |
|
Date: |
Sat, 19 Apr 2003 11:04:43 +0300 |
> gnu-radius is great.
Thank you, nice to hear that :^)
> 1. How do you limit authentication for test accounts to multiple nas
> locations in an attrib mysql DB.
>
> I can make it work for 1 NAS-IP-Address, but if I put 2 in the same value
> or 2 entries in the DB it breaks both IP's. Currently I only want to limit
> this test account to our monitoring server and 127.0.0.1.
Well, there are no `logical or' operator yet, the attributes are
always joined by `logical and', that's the main difficulty. You will
have to use huntgroups for this purpose. To your raddb/huntgroups add:
TESTNAS NAS-IP-Address = 127.0.0.1 NULL
TESTNAS NAS-IP-Address = your.monitoring.server NULL
This defines a huntgroup named TESTNAS consisting of two terminal
servers.
Then change the row in your database so it looks as follows:
+-----------+----------------+-------------------+------+
| user_name | attr | value | op |
+-----------+----------------+-------------------+------+
| radtest | Huntgroup-Name | TESTNAS | = |
+-----------+----------------+-------------------+------+
> 2. Someone asked me if blowfish is supported in gnu-radius.
Do you mean blowfish as a method of enrypting passwords? Radius
relies on the system `crypt' function to encrypt the passwords,
so if the system supports blowfish, then Radius will be able to
handle it as well.
> Would the answer be different if the person decides to
> use a mysql DB.
No, it does not depend on the DB implementation. It only depends
on the system libcrypt library.
Regards,
Sergey