Re: Realms allowed to some huntgroup

Fri, 10 Mar 2006 07:25:53 -0800
Is this possible? I still am not finding documentation that points me to if I can or how. 

On Tue, 7 Mar 2006, Walter Reynolds wrote:




I am not quite finding the setup I am looking for and hope someone can point 
me to the files I should be updating.


Currently I am running version 1.0.4


Hopefuly I can describe what I want to do and you can let me know if it is 
doable, and if so what files I should modify.


I have questions.

        1. How can I authenticate realms differently.
        2. Can I set up logging based on Realm


I will simplify this and say we have two service types I want to 
authenticate.


        1. Wireless
        2. VPN


I currently have Wireless and VPN set up so we do some proxy.  If a user 
signs in with either the following they can log in:


        waltr - no domain (us NULL realm to authhost = local  in proxy.conf)
        [EMAIL PROTECTED] - xxx.edu domain has realm defines and proxies to
                        remote radius server at other campus


Well this works and Wireless and VPN can sign in.  The thing is I want 
wireless to work this way, but I want VPN to only work with no domain logins.



But how do I define a domain/realm to a group so I can put that into the 
huntgroup file.




We are currently using Merit radius and it works this way (I am adding this 
for example only)


Clients.conf (using old style for clarity)
===========================
#Clients Name       Key             [type]          [version] [prefix]
#----------------  --------------- --------------- --------- --------
# iLab Radius servers
vpn.xxx.edu          secretvpn      type=Merit:PROXY           vpn
wirelessAP1.xxx.edu  secretwireless type=PROXY                 wireless
wirelessAP2.xxx.edu  secretwireless type=PROXY                 wireless


============================


The prefix would tell it to use a specific users file and authfile. So I have 
the following 4 files:


vpn.users
vpn.authfile
wireless.users
wireless.authfile


With those files I can have users connecting to wireless clients (ie 
huntgroup) go to a specific user and authfule.  I can set the vpn service to 
authenticate Null realms and drop all others while at the same time I can set 
wireless to authenticate Null locally and proxy the defined realms to another 
radius server.





Question number two is can I separate the accounting for the realms to 
different logfiles?





-- Walter Reynolds
  University of Michigan



-- Walter Reynolds
   University of Michigan

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





















					Reply via email to