On Thu, 2 Dec 2004, Christian Reeves wrote:
> > > I have an ISP scenario using freeradius 1.0.1 to authenticate dialup
> > > customers on our single domain. We use a MySQL backend.
> > > We have added a second domain for a national dialup service. A 3rd
> > > party providing the POPS will pass radius requests to our radius servers.
> > >
> > > Question:
> > > How do I set up the ability to authenticate more than one domain
> > > (realm) in freeradius?
> > > Desired result:
> > > Not only can our original realm authenticate but now freeradius should
> > > authenticate <[EMAIL PROTECTED]> as well.
> > >
> > >
> > > I put this in my proxy.conf file but I'm not sure this is the right
> > > thing to do and it seems too simple to be true:
> > >
> > > realm powerline.net {
> > > type = radius
> > > authhost = LOCAL
> > > accthost = LOCAL
> > > }
> > >
> > > I gratefully accept any pointers to archived answers/tips (I'm
> > > currently digging as well). I can provide config files if it will help.
> > >
> > > Thanks!!
> > > Christian
> > >
> >
> > So what errors do you get when you try to authenticate the
> > user? Please paste entire radiusd -X output.
>
>
>
> ([EMAIL PROTECTED]) 1 ~ # service radiusd stop ; radiusd -x
> Stopping FreeRADIUS: radiusd.
> Starting - reading configuration files ...
> Module: Loaded PAP
> Module: Instantiated pap (pap)
> Module: Loaded preprocess
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> Module: Instantiated realm (suffix)
> Module: Loaded SQL
> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
> rlm_sql (sql): starting 0
> rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
> rlm_sql_mysql: Starting connect to MySQL server for #0
> rlm_sql (sql): Connected new DB handle, #0
> rlm_sql (sql): starting 1
> rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
> rlm_sql_mysql: Starting connect to MySQL server for #1
> rlm_sql (sql): Connected new DB handle, #1
> rlm_sql (sql): starting 2
> rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
> rlm_sql_mysql: Starting connect to MySQL server for #2
> rlm_sql (sql): Connected new DB handle, #2
> rlm_sql (sql): starting 3
> rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
> rlm_sql_mysql: Starting connect to MySQL server for #3
> rlm_sql (sql): Connected new DB handle, #3
> rlm_sql (sql): starting 4
> rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
> rlm_sql_mysql: Starting connect to MySQL server for #4
> rlm_sql (sql): Connected new DB handle, #4
> Module: Instantiated sql (sql)
> Module: Loaded Acct-Unique-Session-Id
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
> Module: Instantiated detail (detail)
> Initializing the thread pool...
> Listening on authentication 209.26.178.8:1812
> Ready to process requests.
> rad_recv: Access-Request packet from host 65.167.179.3:3574, id=1, length=209
> User-Name = "[EMAIL PROTECTED]"
> User-Password = "[EMAIL PROTECTED]"
> NAS-IP-Address = 209.247.22.208
> NAS-Port = 258
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Ascend-Data-Rate = 31200
> Ascend-Calling-Id-Type-Of-Num = Unknown
> Ascend-Calling-Id-Number-Plan = Unknown
> Ascend-Xmit-Rate = 28800
> Called-Station-Id = "4077384022"
> Calling-Station-Id = "4079332394"
> NAS-Identifier = "nas16.orl1.Level3.net"
> Acct-Session-Id = "334467454"
> NAS-Port-Type = Async
> Ascend-NAS-Port-Format = 2_4_5_5
> rlm_sql (sql): Reserving sql socket id: 4
> rlm_sql (sql): User [EMAIL PROTECTED] not found in radcheck
> rlm_sql (sql): User [EMAIL PROTECTED] not found in radgroupcheck
> rlm_sql (sql): User not found
> rlm_sql (sql): Released sql socket id: 4
> Login incorrect: [EMAIL PROTECTED]/[EMAIL PROTECTED] (from client TXLink port 258 cli 4079332394)
>
>
> I see where the user is missing in radcheck and radgroupcheck now. How do I
> get this other realm set up and then the users in those proper places?
>
First you need to make sure you've enabled proxying.
Make sure you have this line with yes and uncommented:

    proxy_requests = yes
    $INCLUDE ${confdir}/proxy.conf

Now, you need to think about how you are going to store your usernames.
If all usernames will be unique, regardless of the domain, then you should
be done and ready to go. The domain will be stripped from the username
when authentication takes place.
i.e.: there will be no [EMAIL PROTECTED] and [EMAIL PROTECTED]

If you may have the same username for different realms, then you need to
add nostrip to that realm.
i.e.:
#realm isp2.com {
# type = radius
# authhost = radius.isp2.com:1645
# accthost = radius.isp2.com:1646
# secret = TheirKey
# nostrip
#}
Then you need to add all those users to sql with the full [EMAIL PROTECTED]
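
The strip/nostrip choice described in the reply above, as an added example that is not part of the original thread and is not FreeRADIUS code. It is a simplified Python model; the realm names, the logins and the assumption that the SQL lookup uses the stripped name whenever stripping applies are constructed for illustration. It shows which distinct logins collapse onto one user row when realms are stripped, and that nostrip on the second realm keeps them apart.

```python
# Simplified model of realm suffix handling; not FreeRADIUS source code.
# Realm names and logins below are constructed for illustration.

REALMS = {
    "isp1.example": {"nostrip": False},  # original domain, realm stripped
    "isp2.example": {"nostrip": False},  # second domain, realm stripped
}

# Constructed sample logins arriving from the NAS.
LOGINS = ["alice@isp1.example", "alice@isp2.example", "bob@isp2.example"]


def lookup_key(user_name, realms):
    """Return the name the user lookup would search for (assumed behaviour)."""
    local, sep, realm = user_name.rpartition("@")
    if not sep or realm not in realms:
        return user_name   # no realm, or realm not configured: unchanged
    if realms[realm]["nostrip"]:
        return user_name   # nostrip: the full user@realm is kept
    return local           # default: the realm is stripped


def find_collisions(logins, realms):
    """Group distinct logins that collapse onto the same lookup key."""
    seen = {}
    for login in logins:
        seen.setdefault(lookup_key(login, realms), set()).add(login)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


def demo():
    """Compare collisions before and after setting nostrip on the new realm."""
    stripped = find_collisions(LOGINS, REALMS)
    with_nostrip = dict(REALMS)
    with_nostrip["isp2.example"] = {"nostrip": True}
    return stripped, find_collisions(LOGINS, with_nostrip)


if __name__ == "__main__":
    before, after = demo()
    print("collisions with stripping:", before)
    print("collisions with nostrip on isp2.example:", after)
```

Any key reported as a collision is a single stored account that two different customers would authenticate against, which is the case the reply says to handle with nostrip and full user@realm entries in SQL.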