Filter
Top Products
5-3
Installing and Configuring Cisco Access Registrar, 4.2
OL-17221-02
Chapter 5 Customizing Your Configuration
Configuring Groups
Configuring a Default Group
If you allow users to request different Services based on how they specify their username, you can use
a script to determine the type of Service to provide. For example, the user joe can request either PPP or
Telnet Service by either logging in as
joe%PPP or joe%Telnet.
This works because there are two scripts: ParseServiceHints and AuthorizeService.
• ParseServiceHints—checks the username suffix and if it corresponds to a service, it modifies the
request so it appears as if the NAS requested that type of Service.
• AuthorizeService—adds a certain profile to the response based on the Service type. The script
chooses the authentication and/or authorization Service, and the Service specifies the UserGroup
which then specifies the UserList, which contains the user
joe.
Table 5-2 provides an overview of the process. The following sections describe the process in more
detail.
Using a Script to Determine Service
The following instructions assume you have already created a UserGroup and you have written a script
that performs this function. For some sample scripts, see the Cisco Access Registrar User’s Guide.
Step 1 Use the cd command to change to the UserGroup you want to associate with the script. The following
example changes to the Default group.
cd /Radius/UserGroups/Default
Step 2 Use the set command to set the AuthorizationScript to the name of the script you want run. The following
example sets the script to AuthorizeService:
set AuthorizationScript AuthorizeService
Step 3 Use the cd command to change to Scripts:
cd /Radius/Scripts
Step 4 Use the add command to add the new script, specifying the name, description, language (in this case Rex
which is short for RADIUS Extension), filename and an optional entry point. When you do not specify
an entry point, Cisco AR uses the script’s name.
add AuthorizeService "Authorization Script" Rex libAuthorizeService.so AuthorizeService
Step 5 Use the cd command to change to the user. The following example changes to the user beth:
cd /Radius/UserLists/Default/beth
Ta b l e 5-2 Choosing Among UserGroups
Object Action
UserGroups Add a new UserGroup or use existing Default group.
Set AuthorizationScript
Scripts Add new Script.
UserLists Set group membership.