Article delegate-en/4918 of [1-5042] on the server localhost:7119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Does Delegate support user-based access lists, with those users authenticated by a RADIUS server?
27 Sep 2010 02:45:27 GMT Vietnhi Phuvan <pcijqbdyi-tdmn6hikkvt6.ml@delegate.org>

Sorry for the obvious spelling mistake with ConsServ1, but I have been putting the syntax through its paces by testing (successfully) giving different users access to different hosts on the local subnet.

Here is a simplified syntax for testing user groups:

delegated -P1080 SERVER=socks AUTHORIZER=-pam/delegated OWNER="root"
|REMITTABLE="tcprelay/{80,443,22}" HOSTLIST="ConsServ1:10.10.80.100"
|USERLIST="Users:vphuvan@*" PERMIT="tcprelay:ConsServ1:Users" -vd
|+=/etc/delegated.conf -r

It still bombs. What's wrong with the syntax?

Regards,

Vietnhi Phuvan

----- Original Message -----
From: "Yutaka Sato" <feedback@delegate.org>
To: feedback@delegate.org
Cc: "vietnhi phuvan" <pcijqbdyi-tdmn6hikkvt6.ml@delegate.org>
Sent: Friday, September 24, 2010 3:34:20 AM
Subject: Re: [DeleGate-En] Does Delegate support user-based access lists, with those users authenticated by a RADIUS
server?

In message <_A4915@delegate-en.ML_> on 09/24/10(07:20:34)
you Vietnhi Phuvan <pcijqbdyi-tdmn6hikkvt6.ml@delegate.org> wrote:
|I. I am attempting to make user groups work:
|
|delegated -P1080 SERVER=socks AUTHORIZER=-pam/delegated OWNER="root"
|REMITTABLE="tcprelay/{80,443,22}" HOSTLIST="ConsServ1:10.10.80.100"
|HOSTLIST="ConsServ2:10.10.80.3" HOSTLIST="ConsServ3:10.10.80.5"
|USERLIST="Users:vphuvan@*" PERMIT="tcprelay:ConServ1:Users" -vd
|+=/etc/delegated.conf -r
|
|vphuvan authenticates nicely according to the 1080 log but I am getting
|a no permission match error. Anything wrong with the syntax above?

- As long as I knonw, there is no parameter with name "USERLIST".
- "ConServ1" in the above PERMIT is not defined in any HOSTLIST.
- "ConsServ1", "ConsServ2" and "ConsServ3" are defined but not used.

Cheers,
Yutaka
-- 9 9 Yutaka Sato, CSDP#005482 <y.sato@delegate.org>
http://delegate.org/y.sato/ ( ~ ) National Institute of Advanced
Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V