Configuring RADIUS Menus   5

  RADIUS menus enable a user to select different login options after being authenticated. The user only needs a single username for all options rather than a different username for each connection option.

  RADIUS menus are implemented as text files located in the menus  subdirectory on the RADIUS server, typically /etc/raddb/menus . The number of menu files under the menus  directory is unlimited. A menu file can accommodate up to 2KB of display data plus menu selection entries. Menus can refer to other menus.

       Menu File Format

  A menu file consists of the following elements:

•  An initial line containing only the keyword menu 
•  Additional lines of text to be displayed to the user
•  A line containing only the keyword end 
•  One or more menu selection entries
•  The DEFAULT menu selection entry

  The menu  and end  keywords indicate the start and end of the text displayed to the user. Text between the menu  and end  keywords can be any printable ASCII characters up to a maximum of 2Kb. The text in the menu file is case-sensitive.

  Each menu selection entry consists of the menu choice shown at the beginning of a line, followed by one or more lines of reply items--one per line--starting with spaces or tabs. You can enter comments among the menu selection entries by starting each comment line with a number sign (# ).

  The special menu choice DEFAULT must be the last menu selection entry. The DEFAULT menu is called when the user enters no choice or a choice that does not match a menu selection entry in the menu file.

  Use the special menu choice EXIT for a menu selection--such as "Quit"--that disconnects the user.

       Single-Level Menu

  A single-level menu does not refer to other menus. The following example shows a file named /etc/raddb/menus/menu_welcome  for a single-level menu with three options:

  menu

  *** Welcome to EDU OnLine ***

  Please select an option:

 

  1. Start SLIP session

  2. Start PPP Session

  3. Quit

 

  Option:

  end

  # This is a single-level menu called menu_welcome

  1

  Service-Type = Framed-User,

  Framed-Protocol = SLIP,

  Framed-IP-Address = 255.255.255.254,

  Framed-Routing = None,

  Framed-MTU = 1006,

  Termination-Menu = "menu_welcome"

  #

  2

  Service-Type = Framed-User,

  Framed-Protocol = PPP,

  Framed-IP-Address = 255.255.255.254,

  Framed-Routing = None,

  Termination-Menu = "menu_welcome"

  #

  3

  Menu = "EXIT"

  #

  DEFAULT

  Menu = "menu_welcome"

  In the single-level menu example, after RADIUS authenticates the user, menu_welcome  is displayed and the user is prompted to select a service from this menu. Once the user has finished the SLIP or PPP session, the termination menu--also menu_welcome  in this case--is displayed and the user is prompted to select a new service. If a Termination-Menu reply item is not included in the list of reply items corresponding to the user's menu selection, the user is disconnected immediately after the SLIP or PPP session.

       Nested Menus

  Nested menus refer to other menus. In the following example menu file, the menu that the user sees has an other  option; if selected, this option displays a second menu:

  menu

  *** Welcome to the Internet Service ***

  Please enter an option:

  ppp - Start PPP session

  telnet - Begin login session with a host

  other - Display a second menu

  Option:

  end

  # This is a nested menu called menu_internet

  ppp

  Service-Type = Framed-User,

  Framed-Protocol = PPP,

  Framed-IP-Address = 255.255.255.254,

  Framed-Routing = None,

  Framed-MTU = 1500

  #

  telnet

  Service-Type = Login-User,

  Login-IP-Host = 172.16.1.81,

  Login-Service = Telnet,

  Login-TCP-Port = 23

  #

  other

  Menu = "menu_other"

  #

  DEFAULT

  Menu = "menu_internet"

       Termination Menus

  Termination menus are presented to users when their service ends. The termination menu value must be contained within double quotation marks. The Termination-Menu reply item in the user's profile calls the menu.

  With a user profile as shown in the following example, user bob sees menu1  when he finishes his PPP session. When bob selects a menu option, the corresponding service is provided. He can begin another session or he can quit.

  bob Password = "ge55gep"

  Service-Type = Framed-User,

  Framed-Protocol = PPP

  Framed-IP-Address = 255.255.255.254,

  Framed-Routing = None,

  Termination-Menu = "menu1"

       Menus Called by Reference

  Any user profile in the users  file--including the DEFAULT profile--can call a menu by reference. The Menu reply item is the only reply item in the user profile when a menu is referenced.

  DEFAULT Auth-Type = System

  Menu = "menu1"

  In this example, after any user is authenticated via the DEFAULT profile, the menu1  menu  is displayed and the user is prompted to make a selection. When the user selects a menu option, the corresponding service is provided.

       Menu Filenames

  You must create the menu filename in the menus  subdirectory on the RADIUS server, described on page 5-1. Menu names can consist of up to 120 printable, nonspace, ASCII characters; in the users  file the menu name must be enclosed in double quotation marks (" ").