users
Tuesday, April 17th, 2007 at 4:17:54am UTC 

# !! users configured by mem
#
#       Please read the documentation file ../doc/processing_users_file,
#       or 'man 5 users' (after installing the server) for more information.
#
#       As of 1.1.4, you SHOULD NOT use Auth-Type.  See "man rlm_pap"
#       for a much better way of dealing with differing passwords.
#       If you set Auth-Type, SOME AUTHENTICATION METHODS WILL NOT WORK.
#       If you don't set Auth-Type, the server will figure out what to do,
#       and will almost always do the right thing.
#
#       This file contains authentication security and configuration
#       information for each user.  Accounting requests are NOT processed
#       through this file.  Instead, see 'acct_users', in this directory.
#
#       The first field is the user's name and can be up to
#       253 characters in length.  This is followed (on the same line) with
#       the list of authentication requirements for that user.  This can
#       include password, comm server name, comm server port number, protocol
#       type (perhaps set by the "hints" file), and huntgroup name (set by
#       the "huntgroups" file).
#
#       Indented (with the tab character) lines following the first
#       line indicate the configuration values to be passed back to
#       the comm server to allow the initiation of a user session.
#       This can include things like the PPP configuration values
#       or the host to log the user onto.
#
#       If you are not sure why a particular reply is being sent by the
#       server, then run the server in debugging mode (radiusd -X), and
#       you will see which entries in this file are matched.
#
#       When an authentication request is received from the comm server,
#       these values are tested. Only the first match is used unless the
#       "Fall-Through" variable is set to "Yes".
#
#       A special user named "DEFAULT" matches on all usernames.
#       You can have several DEFAULT entries. All entries are processed
#       in the order they appear in this file. The first entry that
#       matches the login-request will stop processing unless you use
#       the Fall-Through variable.
#
#       You can include another `users' file with `$INCLUDE users.other'
#

#
#       For a list of RADIUS attributes, and links to their definitions,
#       see:
#
#       http://www.freeradius.org/rfc/attributes.html
#

#
# Deny access for a specific user.  Note that this entry MUST
# be before any other 'Auth-Type' attribute which results in the user
# being authenticated.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#lameuser       Auth-Type := Reject
#              Reply-Message = "Your account has been disabled."

#
# Deny access for a group of users.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#DEFAULT        Group == "disabled", Auth-Type := Reject
#              Reply-Message = "Your account has been disabled."
#

# !! testing groups
DEFAULT         LDAP-Group == "rejects", Auth-Type := Reject

#
# This is a complete entry for "steve". Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used, and the user will NOT
# get any attributes in addition to the ones listed here.
#
#steve  Cleartext-Password := "testing"
#       Service-Type = Framed-User,
#       Framed-Protocol = PPP,
#       Framed-IP-Address = 172.16.3.33,
#       Framed-IP-Netmask = 255.255.255.0,
#       Framed-Routing = Broadcast-Listen,
#       Framed-Filter-Id = "std.ppp",
#       Framed-MTU = 1500,
#       Framed-Compression = Van-Jacobson-TCP-IP

#
# This is an entry for a user with a space in their name.
# Note the double quotes surrounding the name.
#
#"John Doe"     Cleartext-Password := "hello"
#              Reply-Message = "Hello, %u"

#
# Dial user back and telnet to the default host for that port
#
#Deg    Cleartext-Password := "ge55ged"
#       Service-Type = Callback-Login-User,
#       Login-IP-Host = 0.0.0.0,
#       Callback-Number = "9,5551212",
#       Login-Service = Telnet,
#       Login-TCP-Port = Telnet

#
# Another complete entry. After the user "dialbk" has logged in, the
# connection will be broken and the user will be dialed back after which
# he will get a connection to the host "timeshare1".
#
#dialbk Cleartext-Password := "callme"
#       Service-Type = Callback-Login-User,
#       Login-IP-Host = timeshare1,
#       Login-Service = PortMaster,
#       Callback-Number = "9,1-800-555-1212"

#
# user "swilson" will only get a static IP number if he logs in with
# a framed protocol on a terminal server in Alphen (see the huntgroups file).
#
# Note that by setting "Fall-Through", other attributes will be added from
# the following DEFAULT entries
#
#swilson        Service-Type == Framed-User, Huntgroup-Name == "alphen"
#              Framed-IP-Address = 192.168.1.65,
#              Fall-Through = Yes

#
# If the user logs in as 'username.shell', then authenticate them
# against the system database, give them shell access, and stop processing
# the rest of the file.
#
# Note that authenticating against an /etc/passwd file works ONLY for PAP,
# and not for CHAP, MS-CHAP, or EAP.
#
#DEFAULT        Suffix == ".shell", Auth-Type := System
#              Service-Type = Login-User,
#              Login-Service = Telnet,
#              Login-IP-Host = your.shell.machine


#
# The rest of this file contains the several DEFAULT entries.
# DEFAULT entries match with all login names.
# Note that DEFAULT entries can also Fall-Through (see first entry).
# A name-value pair from a DEFAULT entry will _NEVER_ override
# an already existing name-value pair.
#

#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
#DEFAULT        Auth-Type = Radius
#DEFAULT        Auth-Type = ntlm_auth
DEFAULT Auth-Type = LDAP
        Fall-Through = 1

DEFAULT LDAP-Group == "staff"
        Service-Type = Framed-User,
        Tunnel-Type = :1:VLAN,
        Tunnel-Medium-Type = :1:6,
        Tunnel-Private-Group-ID = :1:140

DEFAULT LDAP-Group == "students"
        Service-Type = Framed-User,
        Tunnel-Type = :1:VLAN,
        Tunnel-Medium-Type = :1:6,
        Tunnel-Private-Group-ID = :1:141

#
# Set up different IP address pools for the terminal servers.
# Note that the "+" behind the IP address means that this is the "base"
# IP address. The Port-Id (S0, S1 etc) will be added to it.
#
#DEFAULT        Service-Type == Framed-User, Huntgroup-Name == "alphen"
#              Framed-IP-Address = 192.168.1.32+,
#              Fall-Through = Yes

#DEFAULT        Service-Type == Framed-User, Huntgroup-Name == "delft"
#              Framed-IP-Address = 192.168.2.32+,
#              Fall-Through = Yes

#
# Defaults for all framed connections.
#
DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes

#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
#       by the terminal server in which case there may not be a "P" suffix.
#       The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for SLIP: dynamic IP address, SLIP mode.
#
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

#
# Last default: rlogin to our main server.
#
#DEFAULT
#       Service-Type = Login-User,
#       Login-Service = Rlogin,
#       Login-IP-Host = shellbox.ispdomain.com

# #
# # Last default: shell on the local terminal server.
# #
# DEFAULT
#       Service-Type = Shell-User

# On no match, the user is denied access.
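
An added example, not part of the original paste and not FreeRADIUS code: a simplified Python model of the first-match and Fall-Through rules described in the file's comments, run over the paste's active DEFAULT entries to show which entries a request hits and which reply attributes result. LDAP group membership is passed in as a set and the request is a constructed sample; both are assumptions of the model.

```python
# Simplified model of the users-file rules stated in the comments above.
# Not FreeRADIUS code; LDAP group membership is passed in as a set (assumption).

def vlan(vid):
    """Reply items of the paste's staff/students entries for a given VLAN id."""
    return {"Service-Type": "Framed-User", "Tunnel-Type": ":1:VLAN",
            "Tunnel-Medium-Type": ":1:6",
            "Tunnel-Private-Group-ID": ":1:%d" % vid}

# Active DEFAULT entries of the paste, in file order:
# ("==" check items, control items as (operator, value), reply items, fall-through)
ENTRIES = [
    ({"LDAP-Group": "rejects"}, {"Auth-Type": (":=", "Reject")}, {}, False),
    ({}, {"Auth-Type": ("=", "LDAP")}, {}, True),
    ({"LDAP-Group": "staff"}, {}, vlan(140), False),
    ({"LDAP-Group": "students"}, {}, vlan(141), False),
    ({"Service-Type": "Framed-User"}, {},
     {"Framed-IP-Address": "255.255.255.254", "Framed-MTU": "576",
      "Service-Type": "Framed-User"}, True),
    ({"Framed-Protocol": "PPP"}, {},
     {"Framed-Protocol": "PPP", "Framed-Compression": "Van-Jacobson-TCP-IP"}, False),
    ({"Hint": "CSLIP"}, {},
     {"Framed-Protocol": "SLIP", "Framed-Compression": "Van-Jacobson-TCP-IP"}, False),
    ({"Hint": "SLIP"}, {}, {"Framed-Protocol": "SLIP"}, False),
]

def evaluate(request, ldap_groups):
    """Return matched entry indexes, control items and reply items for a request."""
    control, reply, matched = {}, {}, []
    for idx, (checks, ctl, rep, fall_through) in enumerate(ENTRIES):
        hit = all(val in ldap_groups if attr == "LDAP-Group"
                  else request.get(attr) == val
                  for attr, val in checks.items())
        if not hit:
            continue
        matched.append(idx)
        for attr, (op, val) in ctl.items():
            if op == ":=" or attr not in control:   # ":=" replaces, "=" only adds
                control[attr] = val
        for attr, val in rep.items():
            reply.setdefault(attr, val)             # never override an existing pair
        if not fall_through:
            break                                   # first match stops processing
    return {"matched": matched, "control": control, "reply": reply}

if __name__ == "__main__":
    req = {"Service-Type": "Framed-User"}           # constructed sample request
    for groups in ({"staff"}, {"students"}, {"staff", "rejects"}, set()):
        print(sorted(groups), evaluate(req, groups))
```

In this model a user in both "staff" and "rejects" stops at the reject entry, staff and students stop at their VLAN entry and never receive the later framed defaults, and a user in neither group still gets Auth-Type LDAP with no Tunnel-Private-Group-ID.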
