Solaris ISP Server 2.0 Administration Guide

Adding Remote User Information

An entry for a subscriber who gains access to ISP services through a RADIUS server must include an additional object class (remoteUser) and several additional attributes.


Note - The default Solaris ISP Server configuration designates the root domain as the search base for RADIUS subscriber entries. If your configuration is different, use the directory services administration console to configure RADIUS and enter values appropriate for your search base.


The additional lines in the ldif file are:

objectclass: remoteUser
authsuffixname: @ispxpress
grpcheckinfo: authSuffixName
grpcheckinfo: userPassword
authserviceprotocol: Framed-User
framedrouting: None
framedprotocol: PPP
grpreplyinfo: authServiceProtocol
grpreplyinfo: framedProtocol
grpreplyinfo: framedRouting 

Where

objectClass: remoteUser

Is a required object class for the subscriber accessing services using a RADIUS server.

authsuffixname: @ispxpress

Is a suffix added to the subscriber's user name to enable the RADIUS server to distinguish among entries with the same uid in different domains. Use the appropriate suffix for your user entry.

grpcheckinfo: authSuffixName

Indicates that the RADIUS server should verify the authSuffixName attribute value before selecting the entry to authenticate against.

grpcheckinfo: userPassword

Indicates that the RADIUS server should verify the userPassword attribute value before selecting the entry to authenticate against.

authserviceprotocol: Framed-User

If you are using the default RADIUS configuration, enter this attribute exactly as shown. The correct value is determined by the configuration of your network access server.

framedrouting: None

If you are using the default RADIUS configuration, enter this attribute exactly as shown. The correct value is determined by the configuration of your network access server.

framedprotocol: PPP

If you are using the default RADIUS configuration, enter this attribute exactly as shown. The correct value is determined by the configuration of your network access server.

grpreplyinfo: authServiceProtocol

Tells the RADIUS server to include the value of the authServiceProtocol attribute in its reply message.

grpreplyinfo: framedProtocol

Tells the RADIUS server to include the value of the framedProtocol attribute in its reply message.

grpreplyinfo: framedRouting

Tells the RADIUS server to include the value of the framedRouting attribute in its reply message.

You can create any number of subscriber entries by adding blocks of data to the file. When it is complete, save and close people.ldif. Add the subscriber entries to the directory with the following command, replacing the bind DN and password with your own:


% ldapadd -D "cn=admin,o=sun,c=US" -w secret -f people.ldif

If you have already created these entries, you must use ldapmodify instead. See the ldapmodify(1) manual page for instructions.
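
As an added example (not part of the original guide or of Solaris ISP Server), the following Python script checks people.ldif before it is loaded: every attribute named by a grpcheckinfo or grpreplyinfo line should also have a value in the same entry. The sample entries (their dn, uid and userpassword values) and the function names are constructed for illustration. Treating a named but absent attribute as an error is an assumption, since the guide does not say how the RADIUS server handles that case.

```python
import re

# Constructed sample entry: the dn, uid and password are placeholders; the
# remaining lines are the remoteUser lines described above.
GOOD = """dn: cn=Jane Doe,ou=People,o=example,c=US
uid: jdoe
userpassword: placeholder
objectclass: remoteUser
authsuffixname: @ispxpress
grpcheckinfo: authSuffixName
grpcheckinfo: userPassword
authserviceprotocol: Framed-User
framedrouting: None
framedprotocol: PPP
grpreplyinfo: authServiceProtocol
grpreplyinfo: framedProtocol
grpreplyinfo: framedRouting
"""
# Second constructed entry with the authsuffixname and framedrouting values left out.
BAD = "".join(l for l in GOOD.replace("Jane Doe", "John Roe").splitlines(True)
              if not l.startswith(("authsuffixname", "framedrouting")))

def parse_ldif(text):
    """Split LDIF text into entries: dicts of lower-cased attribute -> values."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\n+", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not attr: value
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.lstrip(": ").strip())
        entries.append(entry)
    return entries

def lint_remote_users(text):
    """Map each remoteUser dn to the attributes its grp*info lines name but lack."""
    report = {}
    for entry in parse_ldif(text):
        if "remoteuser" not in (v.lower() for v in entry.get("objectclass", [])):
            continue  # not a RADIUS subscriber entry
        refs = entry.get("grpcheckinfo", []) + entry.get("grpreplyinfo", [])
        report[entry.get("dn", ["?"])[0]] = [r for r in refs if r.lower() not in entry]
    return report

if __name__ == "__main__":
    for dn, missing in lint_remote_users(GOOD + "\n" + BAD).items():
        print(dn, "OK" if not missing else "missing: " + ", ".join(missing))
```

To check a real file, pass its contents to lint_remote_users, for example lint_remote_users(open("people.ldif").read()).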