I'm trying to set up the following NAS devices
NAS Group=redback
1 Redback SMS 500 (with multiple contexts/global RADIUS authentication
settings for all contexts)
NAS Group=local
1 3Com TotalControl
2 Lucent Portmaster 3's
NAS Group=roaming
and authentication from a remote RADIUS proxy
under the following situation:
Users coming in from the redback NAS Group would get authenticated against
the flat users file with Auth-Type := Local PAP password authentication.
Users coming in from the local NAS Group would use
Auth-Type := UNIX but the username would have to be read from a freeradius
MySQL database for the specifics, such as IP address. Any users not
specified here would not be permitted to connect at all.
In addition to those users, there would be some custom-defined users with
specific needs that would be put into the flat users file.
Users coming in from the roaming NAS Group would use
Auth-Type := UNIX, and be given a generic reply allowing them to grab a
dynamic IP. Any users not allowed to dial into roaming numbers would not
be able to authenticate and grab an IP.
I want to do this without using a UNIX group containing either the list of
dialup users or containing the list of non-dialup users. I would like to
specify the list of legitimate users or non-legitimate users that exist in
the UNIX passwd file so that dialin rights are properly controlled but as
little user-specific data as possible need to be provided (I don't want to
have to specify a full users record for each and every roaming user if
possible for example).
The only way I can think of to do this at the moment is by using UNIX
groups, but I would prefer to use a means of defining and maintaining the
groups internal to freeradius if such a thing is possible.
Any ideas? Maybe I'm thinking along the wrong lines?
Secondly, is anyone working on a perl module to maintain the contents of
the freeradius authentication tables in a DBMS such as MySQL?
--
Mark P. Hennessy [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
