> Alan -- Thanks for the help. One further bit of clarification -- > > the Providers A, B, C each have about 10-20 proxy boxes. I would prefer > to define them as classes of proxies rather than have to set up individual > profiles in the 'users' file. > > Is there any reasonable way to do this, or am I really stuck putting a > users entry for each proxy box?
Actually I should clarify. If I understand you correctly, I would need to put in an entry for each client NAS box, rather than just each client PROXY box. I don't know all the NAS IP's and they could change. Can I do this based on the Proxy IP only? Use Regexp's to classify them by their 'short-name' when definining which default profile to use? Again, thanks. Dave > > Regards, > Dave > > ===================================================================== > David C. Troy [[EMAIL PROTECTED]] 410-544-6193 Sales > ToadNet - Want to go fast? 410-544-1329 FAX > 570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net > > On Fri, 5 Jul 2002, Alan DeKok wrote: > > > "David C. Troy" <[EMAIL PROTECTED]> wrote: > > > I have the following situation -- > > > > > > 1) Provider A uses PAP and doesn't want Ascend-Data-Filters > > > 2) Provider B uses PAP and DOES want Ascend-Data-Filters > > > 3) Provider C uses CHAP and doen't want Ascend-Data-Filters > > > 4) They all want to use ports 1645/1646 > > > > > > Everything is authenticated from a central MySQL database where I store > > > both crypted and plaintext passwords, where needed. > > > > > > Is it possible to support all four of the above conditions in a single > > > instance of freeradius? > > > > I don't see why not. > > > > > I would prefer to have the three machines have an identical configuration > > > and use them for backup to each other, but I am not sure how I could go > > > about differentiating between the three different providers; maybe place > > > some directives in the clients.conf file? > > > > No, that won't help. > > > > > > Some comments: > > > > - all using 1645/1646 is fine. FreeRADIUS will do that. > > > > - using PAP/CHAP is unimportant. FreeRADIUS will authenticate > > whatever comes in the RADIUS request. > > > > - if you want to FORCE the use of PAP or CHAP, that's a bit harder, > > but I don't see why it would be useful, or necessary. > > > > > > So you're left with the problem of getting Ascend-Data-Filters to > > two providers, but not the third. The answer is to find out what > > distinguishes the provider A/C packets from provider B. Once you > > know that, the answer is easy. > > > > If A/C come from client-A/client-C, and B comes from client-B, then > > you can do in the 'users' file: > > > > DEFAULT Client-IP-Address == client-A > > Ascend-Data-Filters... > > Fall-Through = Yes > > > > DEFAULT Client-IP-Address == client-C > > Ascend-Data-Filters... > > Fall-Through = Yes > > > > > > Alan DeKok. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
