Cisco Systems 4.2 manual Configuring a Default Group, Using a Script to Determine Service, Object


Chapter 5 Customizing Your Configuration

Configuring Groups

Configuring a Default Group

If you allow users to request different Services based on how they specify their username, you can use a script to determine the type of Service to provide. For example, the user joe can request either PPP or Telnet Service by logging in as either joe%PPP or joe%Telnet.

This works because there are two scripts: ParseServiceHints and AuthorizeService.

ParseServiceHints—checks the username suffix and, if it corresponds to a service, modifies the request so it appears as if the NAS requested that type of Service.

AuthorizeService—adds a certain profile to the response based on the Service type. The script chooses the authentication and/or authorization Service, and the Service specifies the UserGroup which then specifies the UserList, which contains the user joe.
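The suffix check described for ParseServiceHints, written as stand-alone C. This is an added example, not Cisco's script source: the function and struct names, the exact-case allow-list, and the mapping of PPP and Telnet to RFC 2865 Service-Type and Framed-Protocol values are assumptions, and a real Rex script would read and write these attributes through the Access Registrar request dictionary instead of a struct.

```c
#include <stddef.h>
#include <string.h>

/* RADIUS attribute values from RFC 2865. */
enum { ST_NONE = 0, ST_LOGIN = 1, ST_FRAMED = 2 };  /* Service-Type */
enum { FP_NONE = 0, FP_PPP = 1 };                   /* Framed-Protocol */

struct hint_result {          /* hypothetical stand-in for the request */
    char user[64];            /* username with a recognised suffix removed */
    int  service_type;        /* ST_NONE: leave the request untouched */
    int  framed_protocol;
};

/* Allow-list: only these suffixes may change the requested Service.
 * The attribute mapping is an assumption made for this example. */
static const struct { const char *hint; int st; int fp; } HINTS[] = {
    { "PPP",    ST_FRAMED, FP_PPP  },
    { "Telnet", ST_LOGIN,  FP_NONE },
};

/* Returns 0 on success, -1 if the username is empty or too long. */
int parse_service_hint(const char *username, struct hint_result *out)
{
    size_t len = username ? strlen(username) : 0;
    if (len == 0 || len >= sizeof out->user)
        return -1;
    memcpy(out->user, username, len + 1);
    out->service_type = ST_NONE;
    out->framed_protocol = FP_NONE;

    const char *sep = strrchr(username, '%');  /* only the last '%' counts */
    if (sep == NULL || sep == username)         /* no hint, or no user part */
        return 0;
    for (size_t i = 0; i < sizeof HINTS / sizeof HINTS[0]; i++) {
        if (strcmp(sep + 1, HINTS[i].hint) == 0) {  /* exact-case match */
            out->user[sep - username] = '\0';       /* strip "%hint" */
            out->service_type = HINTS[i].st;
            out->framed_protocol = HINTS[i].fp;
            return 0;
        }
    }
    return 0;  /* unknown suffix: username and request stay unchanged */
}
```

Because the suffix is supplied by the user, it should only select which Service handles the request; whether that user may have the Service is still decided by the Service, UserGroup and UserList chain.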

Table 5-2 provides an overview of the process. The following sections describe the process in more detail.

Table 5-2 Choosing Among UserGroups

| Object | Action |
|---|---|
| UserGroups | Add a new UserGroup or use existing Default group. |
| | Set AuthorizationScript |
| Scripts | Add new Script. |
| UserLists | Set group membership. |

Using a Script to Determine Service

The following instructions assume you have already created a UserGroup and you have written a script that performs this function. For some sample scripts, see the Cisco Access Registrar User’s Guide.

Step 1 Use the cd command to change to the UserGroup you want to associate with the script. The following example changes to the Default group.

cd /Radius/UserGroups/Default

Step 2 Use the set command to set the AuthorizationScript to the name of the script you want run. The following example sets the script to AuthorizeService:

set AuthorizationScript AuthorizeService

Step 3 Use the cd command to change to Scripts:

cd /Radius/Scripts

Step 4 Use the add command to add the new script, specifying the name, description, language (in this case Rex, which is short for RADIUS Extension), filename, and an optional entry point. When you do not specify an entry point, Cisco AR uses the script’s name.

add AuthorizeService "Authorization Script" Rex libAuthorizeService.so AuthorizeService

Step 5 Use the cd command to change to the user. The following example changes to the user beth:

cd /Radius/UserLists/Default/beth

Installing and Configuring Cisco Access Registrar, 4.2

 

OL-17221-02
