Ahhh, thanks, I seem to be missing that man page, although the one for tac_plus itself exists. The Makefile only installs tac_plus.1. The version we have running is F4.0.4.alpha - perhaps that's my problem.. although I believe we have to use this version as it was modified some time ago to kludge an issue the company had with some device back then.<br>
<br>Thanks also for the 'after authorization' suggestion - I take it that if the script returns 1 to tac_plus tac_plus will fail the authorization request ?<br><br><br><br><div class="gmail_quote">On Thu, Oct 30, 2008 at 1:39 PM, Jesse Zbikowski <span dir="ltr"><<a href="mailto:embeddedlinuxguy@gmail.com">embeddedlinuxguy@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On Tue, Oct 28, 2008 at 8:18 PM, Ian Batterbee <<a href="mailto:ibatterb@gmail.com">ibatterb@gmail.com</a>> wrote:<br>
> I'm still a bit confused about the configuration<br>
> file syntax. Is there a reference for it somewhere I can read ?<br>
<br>
</div>Please see "man 5 tac_plus.conf". Here is some example server side<br>
configuration. You will have to process the A/V pairs on the client<br>
to make use of the custom "usergroup" attribute.<br>
<br>
# tac_plus.conf<br>
user = tryme {<br>
pap = cleartext tryme<br>
service=ppp protocol=users {}<br>
after authorization "/usr/local/tac/postauth $user"<br>
}<br>
<br>
# /usr/local/tac/postauth<br>
<br>
#!/usr/bin/perl<br>
my $user = shift @ARGV;<br>
while (<STDIN>) {<br>
print; # pass A/V pairs from tac_plus<br>
}<br>
if ($user eq 'tryme') {<br>
print "usergroup=administrator\n"; # new A/V pair<br>
exit 2; # send A/V pairs to client<br>
} else {<br>
exit 1; # fail<br>
}<br>
</blockquote></div><br>