Re: Different Called-Station-ID to different passwd files

Thu, 16 Jan 2003 20:29:11 -0800 

On Friday 17 January 2003 05:08, Alan DeKok wrote:
> Craig <[EMAIL PROTECTED]> wrote:
> >   I am trying to set up a single freeradius server (ver 0.8.1) in such
> > a way that when a person dials eg.
> >
> > phone-number-1 (for ISP1) they get authenticated against password-file-1,
> >
> > phone-number-2 (for ISP2) they get authenticated against password-file-2
> > etc.
> >
> > I don't want users to have to add a realm name to their login, unless
> > they are roaming, in which case it would need to work with that as
> > well.
>
>   Then your best bet is to *always* use realms.  Set up the realsm
> file for roaming like you would do normally, then in the 'hints' file,
> do:
>
> DEFAULT       Called-Station-Id = "5551212"
>       Realm = "ISP-1"
>
> DEFAULT       Called-Station-Id = "5559999"
>       Realm = "ISP-2"
>
>
>   When they dial in to those numbers *without* a realm, then the realm
> information will be added by the 'hints' file.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



Thanks, that solves the phone number problem but I still don't know how to get 

Realm = "ISP-1" to authenticate against password-file-1
Realm = "ISP-2" to authenticate against password-file-2

In the radiusd.conf file I was thinking perhaps of using the passwd module, 
with a definition for each ISP like (haven't worked the format out yet)

        passwd ISP1 {
                filename = /etc/password-file-1
                format="*User-Name::LM-Password:
UNIX-Password:SMB-Account-CTRL-TEXT::"
                authtype = PAP
                hashsize = 100

(I am uncertain of the hashsize behaviour. Does the hash ever refresh itself, 
or do you need to restart the server?)

                ignorenislike = no
                allowmultiplekeys = no
        }


in the passwd module region and then defining each in the 

authorize { 
        preprocess
        chap
        mschap
        suffix
        files

        ISP1    (is this the right spot?)
        ISP2
}  

block. Will this work correctly? 


Also how do I set this up in the user file? Something like

DEFAULT Realm == "ISP1",  Auth-Type := ISP1

Finally, is there a GUI for something like radclient? The O'Reilly Radius book 
suggested some windows program (NTRadPing), but I'm not running windows.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to