Hi...
We use a router on a PRI interface and so have multiple
inbound phone numbers to use. Previously (using Livingston RADIUS)
we had two phone numbers users could dial in. If they called
the first number then the authentication was made by the
'users' file. If they dialled into the second number then they
were authenticated against the local ace server (SecurID).
So the type of authentication depended on the Called-Station-Id.
I used a RADIUS entry like this (Livingston syntax!!!):
> DEFAULT Auth-Type=SecurID, Called-Station-Id = "12345"
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP
It worked perfectly well. As I just switched this router's authentication
to FreeRADIUS I wonder how to do this now. Can the hints or huntgroups
files help me accomplish this?
Currently the users can at least log in using the realm syntax. The
users call any number (the router picks up the phone anyway) and then
either enter "davis" for 'users' authentication or "davis@securid"
which proxy-forwards his request to the RADIUS port of the ace server.
The proxy.conf reads:
> realm securid {
>         type = radius
>         authhost = 10.10.10.80:2645
>         accthost = 10.10.10.80:2646
>         secret = toosecrettoquotehere
>         hints
> }
Does anyone know a way of making FreeRADIUS proxy-forward all
requests which come in on a specified Called-Station-Id? Our users
won't (probably) kill us if we forced them all to use the realm
syntax but it would make our server switch more transparent to them.
Thanks in advance for any help.
Christoph
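
One way to get the per-number behaviour asked about above, as an added example that is not part of the original post: a FreeRADIUS `users` file entry that sets the `Proxy-To-Realm` control attribute when the called number matches. It assumes the `files` module is listed in the `authorize` section, that the `securid` realm from the quoted proxy.conf is in place, and it reuses the sample number "12345" from the Livingston entry.

```conf
# users file (FreeRADIUS) -- added example, not from the original post.
# Place this entry ABOVE any per-user or other DEFAULT entries so that
# a local password entry cannot match first for calls to this number.
#
# Check item:   Called-Station-Id == "12345"  (sample number from the post)
# Control item: Proxy-To-Realm := "securid"   (realm name from proxy.conf)
#
# Every request arriving on that number is handed to the "securid" realm,
# so the user types plain "davis" and no local password check is made.
DEFAULT Called-Station-Id == "12345", Proxy-To-Realm := "securid"

# Requests for any other called number do not match the entry above and
# continue to the ordinary local entries that follow in this file.
```

Called-Station-Id is reported by the NAS, so this split is only as trustworthy as the router sending it and the shared secret protecting that client entry.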