This should all be possible natively in FreeRADIUS. If you wish you can of course also use perl as well :-)
Cheers Peter On Wed 20 Sep 2006 00:57, Dan Geist wrote: > Greetings, all. I'm a new user that's looking at FreeRadius because of > some of it's features, but I'd like to figure out if it can replicate > what I'm currently doing before I start looking into a migration. My > current setup does the following (with openradius, mysql, perl, and a > PAM-securID module) on each packet arrival: > > 1) check an SQL db for the encryption key and tokenize everything (if > so, continue, else exit) > > 2) check to see if it's an accounting packet and log it (if so, then do > it then exit) > > 3) if it's anything else, check the SQL db to see if the username is > valid. (if so, continue, else exit) > > 4) execute a PAM check on the valid user with the credentials just > provided (which could be unix auth, securID, mysql, LDAP, whatever PAM > supports) (if authenticated, continue, else exit) > > 5) check to see if it's one of a short list of auth-only NASs (if so, > authenticate that user and exit, else continue) > > 6) do another SQL lookup to get the combination of VSA option values for > that unique username/nas pair and return the appropriate RAD-access > option along with the VSA options for that user/device combination > (return packet/VSAs and exit) > > Now, I know that's a lot of info, but does FreeRadius have the > flexibility to be able to do something like this? The big things are > that it be able to do PAM auth on users and that it be able to return > VSAs based on a one-to-one relationship that's stored in a MySQL db. > > Thanks. > Dan -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgpJO90apzEJF.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
