I understand what he's saying, and this would be some excellent 
procedure.  I could very well use this in our organization as well.  It 
would quell a lot of issues.

Described simply as:
Say you're running multiple ISPs off your radius server.  For instance, you 
have say 10 realms you auth for all on one radius server.  With the current 
limitations, you will run into username conflicts soon as you can not have 
a "[EMAIL PROTECTED]" and a "[EMAIL PROTECTED]", as radius will look at the 
passwd file and only read the first entry, ignoring the 2nd (or vice 
versa).  So here's the solution.

Current passwd file that radius reads goes something like this.
username1:CRYPTOPASSWORD:GROUP:
username2:CRYPTOPASSWORD:GROUP:

Basically, the proposed workaround for this is: can we have a password file 
that is instead:
[EMAIL PROTECTED]:CRYPTOPASSWORD:GROUP:
[EMAIL PROTECTED]:CRYPTOPASSWORD:GROUP:
[EMAIL PROTECTED]:CRYPTOPASSWORD:GROUP:
[EMAIL PROTECTED]:CRYPTOPASSWORD:GROUP:

Basically, unless otherwise written into radius, if proxy is turned OFF, 
then perhaps this would work stock??  I might give that a shot, but if not, 
it would seem like an excellent feature.  A lot easier than running a proxy 
to 10 different radius servers.

I think I'm following the same idea as Sveta, or I may be on a different 
track altogether; however, I would much like the idea I outlined to be a 
possibility.

At 11:18 AM 8/2/2001 -0400, you wrote:
>Sveta <[EMAIL PROTECTED]> wrote:
> > In radcheck table user names look like username@realm1,
> > username@realm2.  Is there a possibility to accomplish such an algorithm
> > of authentication: If I receive user name without realm I should add
> > to this name every realm in order from a table which contains list
> > of realms till user will be authenticated in my radcheck table.
>
>   Ouch.  No, there isn't really a way of doing that.
>
>   I would suggest describing what functionality you *want*, instead of
>coming up with a proposed solution.  Describe what your users are
>doing, and maybe there's another solution which is better, and which
>will work.
>
>   Alan DeKok.
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


----------------------------------
Visp Systems Administration
Voice:  541-476-5352 ext. 4
Support Board: http://support.visp.net/bb
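
The collision described in the message above, as an added example that is not part of the original post and is not FreeRADIUS code. It models a first-entry-wins lookup over the user:hash:group: layout and compares bare names with realm-qualified keys. The realm names, passwords and the SHA-256 stand-in for the crypt(3) field are constructed for the illustration.

```python
import hashlib
import hmac

def h(password):
    # Stand-in for the crypt(3) hash field (assumption, keeps the example portable).
    return hashlib.sha256(password.encode()).hexdigest()

# Constructed sample files in the user:hash:group: layout from the message.
BARE_FILE = f"joe:{h('alpha-pw')}:isp-a:\njoe:{h('beta-pw')}:isp-b:\n"
REALM_FILE = (f"joe@isp-a.example:{h('alpha-pw')}:isp-a:\n"
              f"joe@isp-b.example:{h('beta-pw')}:isp-b:\n")

def load_first_match(text):
    """Load entries, first one wins. Returns (table, shadowed_names)."""
    table, shadowed = {}, []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or not fields[0]:
            continue  # skip blank or malformed lines
        name, pwhash, group = fields[:3]
        if name in table:
            shadowed.append(name)  # later duplicate is never consulted
        else:
            table[name] = (pwhash, group)
    return table, shadowed

def authenticate(table, login, password, strip_realm):
    """Return the matching group, or None when the login is rejected."""
    key = login.split("@", 1)[0] if strip_realm else login
    entry = table.get(key)
    if entry is None:
        return None  # no guessing of a realm for unknown or bare names
    pwhash, group = entry
    return group if hmac.compare_digest(pwhash, h(password)) else None

if __name__ == "__main__":
    bare, dup = load_first_match(BARE_FILE)
    realm, _ = load_first_match(REALM_FILE)
    print("shadowed entries in bare file:", dup)
    # isp-b's customer is checked against isp-a's entry when realms are stripped
    print(authenticate(bare, "joe@isp-b.example", "beta-pw", True))
    print(authenticate(bare, "joe@isp-b.example", "alpha-pw", True))
    # realm-qualified keys keep the two accounts separate
    print(authenticate(realm, "joe@isp-b.example", "beta-pw", False))
    print(authenticate(realm, "joe@isp-b.example", "alpha-pw", False))
```

The shadowed list doubles as an audit check: any name it reports is an account that can never be matched in that file.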

