Sorry for the obvious spelling mistake with ConsServ1, but I have been putting the syntax through its paces by testing (successfully) giving different users access to different hosts on the local subnet.

Here is a simplified syntax for testing user groups:

delegated -P1080 SERVER=socks AUTHORIZER=-pam/delegated OWNER="root"
|REMITTABLE="tcprelay/{80,443,22}" HOSTLIST="ConsServ1:10.10.80.100"
|USERLIST="Users:vphuvan@*" PERMIT="tcprelay:ConsServ1:Users" -vd
|+=/etc/delegated.conf -r

It still bombs. What's wrong with the syntax?

Regards,

Vietnhi Phuvan

----- Original Message -----
From: "Yutaka Sato" <feedback@delegate.org>
To: feedback@delegate.org
Cc: "vietnhi phuvan" <pcijqbdyi-zxq45iyn2s66.ml@delegate.org>
Sent: Friday, September 24, 2010 3:34:20 AM
Subject: Re: [DeleGate-En] Does Delegate support user-based access lists, with those users authenticated by a RADIUS
server?

In message <_A4915@delegate-en.ML_> on 09/24/10(07:20:34)
you Vietnhi Phuvan <pcijqbdyi-zxq45iyn2s66.ml@delegate.org> wrote:
|I. I am attempting to make user groups work:
|
|delegated -P1080 SERVER=socks AUTHORIZER=-pam/delegated OWNER="root"
|REMITTABLE="tcprelay/{80,443,22}" HOSTLIST="ConsServ1:10.10.80.100"
|HOSTLIST="ConsServ2:10.10.80.3" HOSTLIST="ConsServ3:10.10.80.5"
|USERLIST="Users:vphuvan@*" PERMIT="tcprelay:ConServ1:Users" -vd
|+=/etc/delegated.conf -r
|
|vphuvan authenticates nicely according to the 1080 log but I am getting
|a no permission match error. Anything wrong with the syntax above?

- As long as I knonw, there is no parameter with name "USERLIST".
- "ConServ1" in the above PERMIT is not defined in any HOSTLIST.
- "ConsServ1", "ConsServ2" and "ConsServ3" are defined but not used.

Cheers,
Yutaka
-- 9 9 Yutaka Sato, CSDP#005482 <y.sato@delegate.org>
http://delegate.org/y.sato/ ( ~ ) National Institute of Advanced
Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller