"David C. Troy" <[EMAIL PROTECTED]> wrote:
> I have the following situation --
>
> 1) Provider A uses PAP and doesn't want Ascend-Data-Filters
> 2) Provider B uses PAP and DOES want Ascend-Data-Filters
> 3) Provider C uses CHAP and doen't want Ascend-Data-Filters
> 4) They all want to use ports 1645/1646
>
> Everything is authenticated from a central MySQL database where I store
> both crypted and plaintext passwords, where needed.
>
> Is it possible to support all four of the above conditions in a single
> instance of freeradius?
I don't see why not.
> I would prefer to have the three machines have an identical configuration
> and use them for backup to each other, but I am not sure how I could go
> about differentiating between the three different providers; maybe place
> some directives in the clients.conf file?
No, that won't help.
Some comments:
- all using 1645/1646 is fine. FreeRADIUS will do that.
- using PAP/CHAP is unimportant. FreeRADIUS will authenticate
whatever comes in the RADIUS request.
- if you want to FORCE the use of PAP or CHAP, that's a bit harder,
but I don't see why it would be useful, or necessary.
So you're left with the problem of getting Ascend-Data-Filters to
two providers, but not the third. The answer is to find out what
distinguishes the provider A/C packets from provider B. Once you
know that, the answer is easy.
If A/C come from client-A/client-C, and B comes from client-B, then
you can do in the 'users' file:
DEFAULT Client-IP-Address == client-A
Ascend-Data-Filters...
Fall-Through = Yes
DEFAULT Client-IP-Address == client-C
Ascend-Data-Filters...
Fall-Through = Yes
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
