Manuals / Cisco Systems / Computer Equipment / Network Card

Cisco Systems 4.2 manual Configuring the Script, Client Scripting, Choosing the Scripting Point

Models: 4.2

1 94

Download 94 pages 10.59 Kb

Page 79

Client Scripting

Chapter 5 Customizing Your Configuration

Configuring Multiple UserLists

In this situation, when beth@North.QuickExample.com makes an Access-Request, the script will strip off the word North and use it to set the value of the environment variable Authentication-Serviceand/or Authorization-Service. Note, the script overrides any existing default authentication and/or authorization specifications.

Note For more information about writing scripts and the role the dictionaries play in Cisco AR, see the Cisco Access Registrar User Guide. For examples of scripts, see the Cisco Access Registrar User’s Guide.

Client Scripting

Though, CAR allows external code (Tcl/C/C++/Java) to be used by means of a script, custom service, policy engine, and so forth, while processing request, response, or while working with the environment dictionaries, it shall not be responsible for the scripts used and will not be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of the script.

Configuring the Script

When you have multiple UserLists, you need a script to determine which UserList to check when a user makes an Access-Request. When you want the script to apply to all users, irrespective of the NAS they are using, place the script at the Radius level. When, on the other hand, you want to run different scripts depending on the originating NAS, place the script at the Client level.

Client Scripting

Though, CAR allows external code (Tcl/C/C++/Java) to be used by means of a script, custom service, policy engine, and so forth, while processing request, response, or while working with the environment dictionaries, it shall not be responsible for the scripts used and will not be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of the script.

Choosing the Scripting Point

Step 1 Use the cd command to change to the appropriate level. The following example sets the script for all requests.

cd /Radius

Step 2 Use the set command to set the incoming script. The following example sets the script, ParseUserName:

set IncomingScript ParseUserName

Installing and Configuring Cisco Access Registrar, 4.2

	OL-17221-02	5-7

Image 79

Cisco Systems 4.2 manual Configuring the Script, Client Scripting, Choosing the Scripting Point, cd /Radius

Contents

Cisco Systems, Inc 170 West Tasman Drive San Jose, CA Americas HeadquartersInstalling and Configuring Cisco Access Registrar NovemberCopyright 2007 Cisco Systems, Inc. All rights reserved Installing and Configuring Cisco Access RegistrarLicense Slabs C O N T E N T SOverview Cisco.com3-12 Using pkgrm to Remove Cisco Access Registrar Solaris Software3-11 3-12Using aregcmd Installing Cisco Access Registrar Software from CD-ROMUsing a Script to Determine Service Creating and Setting Group MembershipCreating a RemoteServer Installing and Configuring Cisco Access Registrar Configuring Session ManagementConfiguring Session Management ContentsContents Installing and Configuring Cisco Access Registrar viiiOL-17221-02 Obtaining Documentation About This GuideCisco.com For Emergencies only - security-alert@cisco.com Reporting Security Problems in Cisco ProductsDocumentation Feedback Cisco Product Security OverviewCisco Technical Support & Documentation Website Obtaining Technical Assistancehttp//tools.cisco.com/RPF/register/register.do Definitions of Service Request Severity Submitting a Service Requestxiii Obtaining Additional Publications and InformationAbout This Guide Installing and Configuring Cisco Access RegistrarOL-17221-02 C H A P T E R Installation Dialog OverviewInstallation Type OverviewOpen Database Connectivity Installation LocationLicense File Location Java 2 Runtime EnvironmentBase Directory Downloading Cisco Access Registrar SoftwareExample Configuration Continue with InstallationCSCOar-4.2.1-sol10-k9.tar.gz for Solaris Cisco Access Registrar 4.2 LicensingDescription Getting Cisco Access Registrar 4.2 LicenseLicense Slabs Productopt/CSCOar/bin/arserver restart Installing Cisco Access Registrar 4.2 LicensesAdding Additional Cisco Access Registrar 4.2 Licenses Sample License Filearegcmd -l directoryname aregcmd Command-Line OptionDisplaying License Information Launching aregcmdInstalling and Configuring Cisco Access Registrar Chapter 1 Overview Cisco Access Registrar 4.2 LicensingOL-17221-02 Installing Cisco Access Registrar 4.2 Software on Solaris, page Installing Cisco Access RegistrarInstalling the Cisco Access Registrar 4.2 License File Installing the Cisco Access Registrar 4.2 License File, pageDeciding Where to Install Deciding Where to InstallInstalling Cisco Access Registrar Software from CD-ROM Installing Downloaded Softwarepkgadd -d /tmp CSCOar Common Solaris Installation StepsStep 5 Proceed to Common Solaris Installation Steps zcat CSCOar-4.2.1-sol9-K9.tar.gz tar xvfStep 9 Enter the directory or mount point where the J2RE is installed Installing Cisco Access Registrar 4.2 Software on Solaris Step 13 Enter Y to install the setuid/setgid filesStep 14 Enter Y to continue with the software installation Chapter 2 Installing Cisco Access RegistrarRPC Bind Services Installing Cisco Access Registrar 4.2 Software on LinuxInstalling Cisco Access Registrar on LDoms Configuring SNMPcd /cdrom/cdrom0/kit/linux-2.4 Common Linux Installation Stepscp CSCOar-4.2.1-lnx26-install-K9.sh /tmp chmod 777 CSCOar-4.2.1-lnx26-install-K9.shCopyright C CSCOar-4.2.1-lnx26-install-k9.shBuild Date Mon Nov 03 235551 Build Host spencer.cnslab.cisco.comInstalling and Configuring Cisco Access Registrar Configuring SNMPChapter 2 Installing Cisco Access Registrar Installing Cisco Access Registrar 4.2 Software on LinuxInstalling and Configuring Cisco Access Registrar 2-10Chapter 2 Installing Cisco Access Registrar Installing Cisco Access Registrar 4.2 Software on LinuxInstalling the Cisco Access Registrar License File, page Solaris Software Upgrade OverviewSolaris Software Upgrade Overview, page Linux Software Upgrade Overview, page Software Upgrade Tasks, pageetc/init.d/arserver restart Linux Software Upgrade OverviewSee Using pkgrm to Remove Cisco Access Registrar Solaris Software cd /opt mv AICar1 CSCOaretc/init.d/arserver restart Software Upgrade TasksDisabling Replication cd /radius/replicationRemoving the AICar1 Package Using pkgrm to Remove Cisco Access Registrar Solaris Softwarepkgrm AICar1 Software Upgrade Tasks Removing the CSCOar Packagepkgrm CSCOar Chapter 3 Upgrading Cisco Access Registrar Softwarecd /opt/CSCOar/bin uninstall-ar Using uninstall-ar to Remove Linux SoftwareInstalling Cisco Access Registrar Software from CD-ROM, page Installing the Cisco Access Registrar License FileUpgrading Cisco Access Registrar Solaris Software Deciding Where to Install, pageCommon Solaris Installation Steps zcat CSCOar-4.2.1-sol9-k9.tar.gz tar xfInstalling Cisco Access Registrar Software from CD-ROM Installing Downloaded SoftwareStep 1 For a full install, press Enter Step 10 Enter Y to continue with the software installation 3-10Step 7 Enter the administrator userID and password Step 9 Enter Y to install the setuid/setgid filesIf you choose not to use the SNMP features of CAR, the installation process is completed. To use SNMP features, complete the configuration procedure described in Configuring SNMP Back-up Copy of Original Configuration3-11 Configuring SNMPRemoving Old VSA Names VSA Update Script3-12 opt/CSCOar/data Upgrading Cisco Access Registrar Linux SoftwareUsing uninstall-ar to Remove Linux Software, page Common Linux Installation Steps, pagecd /cdrom/cdrom0/kit/linux-2.6 uninstall-arcp CSCOar-4.2.1-lnx26-install-k9.sh /tmp cd /opt/CSCOar/bin arserver stopCommon Linux Installation Steps chmod 777 CSCOar-4.2.1-lnx26-install-k9.shCSCOar-4.2.1-lnx26-install-K9.sh 3-15directory where it is installed 3-16Preparing Backup Copy of Original Configuration3-17 opt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/ssl-howto.htmlUpgrading Cisco Access Registrar Linux Software 3-18VSA Update Script Chapter 3 Upgrading Cisco Access Registrar SoftwareConfiguring SNMP Configuring SNMPRestarting Replication 3-19Restarting Replication 3-20Chapter 3 Upgrading Cisco Access Registrar Software Installing and Configuring Cisco Access RegistrarUsing aregcmd, page Configuring a Basic Site, page Configuring Cisco Access RegistrarUsing aregcmd General Command Syntaxaregcmd Commands Configuring a Basic SiteRunning aregcmd set Password Changing the Administrator’s Passwordcd //localhost/Administrators cd adminadd jane testadmin Configuring the RADIUS ServerCreating Additional Administrators cd /AdministratorsChecking the Server’s Health Checking the System-Level Defaultsset DefaultSessionManager Selecting Ports to Useadd add ls Displaying the UserListsStep 1 Change directory to /Radius/Advanced/Ports cd /Radius/Advanced/Portsadd jane Displaying the Default UserListAdding Users to UserLists ls -RDeleting Users set password janecd /Radius/UserLists/Default delete beth Displaying UserGroupsadd QuickExampleNAS Configuring ClientsAdding a NAS cd /Radius/ClientsEnableNotifications TRUE Configuring ProfilesSetting RADIUS Attributes set IncomingScript ParseServiceHints EnableDynamicAuthorization TRUEset Framed-Routing 192.168.1.0/24 Validating and Using Your ChangesAdding Multiple Cisco AV Pairs Saving and Reloadingsimple john john Testing Your ConfigurationUsing radclient radclient -sp001 send Configuring AccountingTroubleshooting Your Configuration Setting the Trace Levelaregcmd cd /Radius/Advanced/SNMP Enabling SNMP in the Cisco Access Registrar Serverset Enabled TRUE Stopping the Master Agent4-15 Access ControlModifying the snmpd.conf File opt/CSCOar/bin/arserver stopSystem Contact Information Configuring Dynamic DNSRestarting the Master Agent Trap Recipientcd ddns set Protocol dynamic-dns cd /Radius/Advanced/DDNS/TSIGKeys add foo.comcd foo.com set Secret base64-encoded string cd /Radius/RemoteServers add ddnscd /Radius/ResourceManagers add ddns Testing Dynamic DNS with radclientset IPAddress 10.10.10.1 ip address of primary dns server for zone set ForwardZoneTSIGKey foo.com set ReverseZoneTSIGKey foo.comset p acctrequest Start bob cd /opt/CSCOar/bin aregcmdtrace Step 3 Launch radclient cd /opt/CSCOar/bin radclient acctrequest Start usernameOL-17221-02 4-20Chapter 4 Configuring Cisco Access Registrar Configuring Dynamic DNS Installing and Configuring Cisco Access RegistrarC H A P T E R Customizing Your ConfigurationConfiguring Groups Configuring Specific GroupsObject Creating and Setting Group Membershipadd PPP-users Users who always connect using PPP default-PPP-users cd /Radius/UserLists/Default/jeanset AuthorizationScript AuthorizeService Configuring a Default GroupUsing a Script to Determine Service cd /Radius/UserGroups/Defaultreload Configuring Multiple UserListsset Group Default savePopulating UserLists Configuring Separate UserListsConfiguring Users Creating Separate UserListscd /Radius/Services/North-users Configuring ServicesCreating Separate Services cd /Radius/Servicescd /Radius Configuring the ScriptClient Scripting Choosing the Scripting PointSave tcl scripts in the directory /opt/CSCOar/scripts/radius/tcl Configuring a Remote Server for AAHandling Multiple Scripts add ParseUserName Rex libParseUserName.so ParseUserNameadd QuickExample Configuring the Remote ServerCreating a RemoteServer cd /Radius/RemoteServers5-10 set UserPasswordAttribute passwordset protocol ldap set Port5-11 Creating Servicesadd remote-ldap Remote LDAP Service set type ldapset DefaultAuthorization remote-ldap Configuring Multiple Remote ServersChanging the Authentication and Authorization Defaults set DefaultAuthentication remote-ldap5-13 Configuring Two Remote ServersCreating RemoteServers add Northset SharedSecret Creating the Servicescd /Radius/RemoteServers/North set protocol radiusChoosing the Scripting Point set IncomingScript ParseRemoteServers5-15 Configuring the Script5-16 Configuring Session ManagementConfiguring a Resource Manager Creating a Resource Manageradd rm-100 Configuring a Session ManagerCreating a Session Manager cd /Radius/ResourceManagers5-18 Configuring Session ManagementEnabling Session Management set 1 rm-100I N D E SymbolsIN-1 Failover policy IN-2Java 2 Platform IN-3 IN-4