Ascend Archive

Re: (ASCEND) Newbie Radius Question.




mmmmm .. Kevin, I think he was trying to see if there was a way around NOT 
having to set up a users dbm file. Since I have attended all the Ascend
users course on Radius I will attempt to answer this in simplicity.
(Plezzzzz no flames, I am trying to simplify this and any addendums will
be appreciated.)

The users file for radius acts much like a hard-coded connection profile
that one sets in the max itself. In practice, it is an -off the Access 
router- profile, since there is a limited number of connections available.
The user name is parsed, and if the -Password='somepassword' the user
is authenticated on the spot, and sent on his merry way (inside the access
box).

If Password="UNIX", a query to the passwd file is made and if there is
shadowing going on, then the shadow password is read and compared via
Radius to the passed password. Then the user is granted access and can
continue.

Setting the Password in the users dbf results in passwords that are in 
clear text and can be read by anyone who can/may see the users dbf file
(Provided of course one has the perms to do so), this is not a good
idea of course.

The direct answer to your question is that is correct in theory. One can
'hack' the radius code and force a read of the passwd file to look for
users instead of using the 'users'. Although there are some additional
parameters in the users dbf file that are used.

The simplest method to automate this is to have a cron script that runs
at predetermined times, parsing for your passwd file. Set the users you
want to have access into some group(s) and extract them. Use 2 files,
one that contains the important stuff that goes in front, and another that
contains the required stuff at the bottom. Cat the 3 files in order of
'header', 'users', and 'tail' and then execute a builddbm and VOILA, you
have an automatic way of getting users added.

Hope this helps .....

Ben Duncan				Tel: 601-371-1445
Vice President				fax: 601-371-1639
Intop					7402 Siwell Road Ste. 120
www.intop.net				Jackson, Ms 39212

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 "It all really depends upon your view of reference. If an apple dropped from
the Empire State Building is subjected to the effects of the turning earth, the
turning solar system, the turning galaxy, the turning universe, the contracting
and expanding of the universe, would not that apple arrive at precisely where
it left off ? " 
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

On Thu, 22 May 1997, Kevin Smith wrote:

> At 05:58 PM 5/21/97 -0400, Craig Salmond wrote:
> >Is it possible to have radius read the /etc/passwd (or /etc/shadow) file
> >instead of the /etc/raddb/users  file? Or alternately a way to create the
> >users file from the /etc/passwd file.
> 
> Well if you just put the DEFAULT entry in the users file, it will go to 
> the UNIX password file via the "login" daemon (that's right isn't it?).
> 
> 
> 
> Kevin Smith                              Updated Service and Support
> Ascend Communications                    Resources are now at:
>                                          http://www.ascend.com/service
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
> or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
> 
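The cron-driven rebuild described in the message above (header, generated users, tail, then builddbm), as an added example that is not part of the original thread. The file names `users.header` and `users.tail`, the `RADIUS_GIDS` variable, the default GID and the `Framed-Protocol` reply line are assumptions; every generated entry uses Password = "UNIX" so no cleartext password lands in the users file.

```shell
#!/bin/sh
# Added example (not from the original thread). File names, the GID list and
# the reply attribute are assumptions; adapt them to your own profiles.

# Emit one users-file entry for each passwd account whose primary GID is in
# the comma-separated list $2. $1 is the passwd file to parse.
gen_users() {
    awk -F: -v gids="$2" '
        BEGIN { n = split(gids, g, ","); for (i = 1; i <= n; i++) want[g[i]] = 1 }
        # Skip malformed lines and names that could break the users-file syntax.
        NF >= 7 && ($4 in want) && $1 ~ /^[A-Za-z0-9._-]+$/ {
            # Password = "UNIX" defers to passwd/shadow: no cleartext secret here.
            printf "%s\tPassword = \"UNIX\"\n\tFramed-Protocol = PPP\n\n", $1
        }' "$1"
}

# Build header + users + tail into $5. Args: passwd gids header tail output.
build_users_file() {
    out=$5
    users=$(gen_users "$1" "$2") || return 1
    # Refuse to publish an empty list (bad GID, unreadable passwd file).
    [ -n "$users" ] || return 1
    tmp=$(mktemp "$out.XXXXXX") || return 1       # created mode 0600
    if { cat "$3" && printf '%s\n\n' "$users" && cat "$4"; } > "$tmp" &&
       chmod 600 "$tmp" && mv "$tmp" "$out"       # atomic replace
    then return 0
    fi
    rm -f "$tmp"; return 1
}

# Cron entry point; runs only when invoked as: script run
if [ "${1:-}" = "run" ]; then
    cd /etc/raddb || exit 1
    # users.header / users.tail are hypothetical names for the two fixed files.
    build_users_file /etc/passwd "${RADIUS_GIDS:-200}" users.header users.tail users &&
        builddbm   # named in the post; arguments depend on your RADIUS build
fi
```

Because the new file is written to a temporary name and renamed into place, a failed run leaves the previous users file untouched.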

