Hi Walt

If you were to put this in the wiki you may even have other people help you 
edit it ;-)

Peter

On Fri 02 Mar 2007 22:37, Walt Reynolds wrote:
> I have searched, but did not find what I was looking for, so trying to
> do my own flowchart of the process.  Below is a written up flow that I
> want to try and convert to a graphical one.  Can I please get some
> feedback on if this is not only the way it really works, but also if it
> is accurate.
>
> If someone has something like this I would be very grateful if you would
> pass it along to me.  Just remember plagiarism is the greatest form of
> flattery (I would give you credit either way if you wanted)
>
> Thanks.
>
> ========================================
> 1. Request comes in (example)
> User-Name = "[EMAIL PROTECTED]"
> User-Password = "Password"
> NAS-IP-Address = 192.168.224.36
> Service-Type = Login-User
> Framed-IP-Address = 198.168.225.72
> Called-Station-Id = "00:07:E9:D1:8F:C2"
> Calling-Station-Id = "00:40:96:a7:00:14"
> NAS-Identifier = "box.lab"
> Acct-Session-Id = "00:07:E9:D1:8F:C2:117165661771"
> NAS-Port-Type = Wireless-802.11
>
> 2. Looks in the authorize section of radius.conf
> ## authorize actually means is this request authorized to authenticate
> ##(does it match rules)
> preprocess    ##This looks at the following files to add/correlate
>               ##the request to rules defined in later modules.
>                       huntgroups
>                               ##Matches based on NAS
>                       hints
>                               ##Matches on user
> auth_log      ##This defines where the log will be
> suffix                ##Defined as delimiter for proxying realms
>                       ## Finds realm (if listed, if so will be used
>                       ##starting in preproxy_users
> eap           ##Set to define and perform EAP authentication (if in
>               ##request)
> files         ## Looks at the following files:
>                       users
>                               ##Used to decide how to AuthZ and AuthN
>                               ##users.  Check items, if matched will
>                               ##add reply info to NAS
>                               ##if no specific match, will match
>                               ##DEFAULT
>                               ##User could move to
>                       acct_users
>                               ##Same as users file but for accounting.
> !!!***!!!If there is no realm defined at this part, it will
>
>                       preproxy_users
>                               ##Matches like users, but reply items
>                               ##added to proxied request to new NAS
>                       pre_proxy_log
>                               ##Allows you to log the pre-proxied
>                               ##request
>
> 3. Sent proxy request to radius server listed in proxy.conf if it did
> find a realm match (based on suffix/px....
> 4. Receives reply
>       a. Looks at post_proxy
>                       post_proxy_log
>                               ##Logs post proxy info if enabled
>                       attr_filter
>                               ##Allows you to filter what the proxied
>                               ##server sends back to NAS
> 5. Sends Accept/Deny to NAS (with all attributes added or filtered)
> 6. Accounting ----

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
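
Added example, not part of the original thread and not FreeRADIUS code: a small Python model of the proxy branch in the flow quoted above (realm taken from the User-Name suffix, lookup against a proxy table, then an allow-list filter on the home server's reply before it goes to the NAS). The realm names, home server address and allow-list are constructed sample data, and the function names are hypothetical.

```python
# Toy model of the proxy branch in the quoted flow. Not FreeRADIUS code.
# Realm names, home servers and allow-lists below are constructed sample data.
PROXY_REALMS = {"example.org": "radius.example.org:1812"}             # stands in for proxy.conf
REPLY_ALLOW = {"example.org": {"Reply-Message", "Session-Timeout"}}   # stands in for attr_filter rules


def split_realm(user_name, delimiter="@"):
    """Split 'user@realm' at the last delimiter, as a suffix-style realm match does."""
    user, sep, realm = user_name.rpartition(delimiter)
    if not sep or not user or not realm:
        return user_name, None          # no usable realm: handled locally
    return user, realm.lower()          # lower-casing is a choice of this sketch


def route(request):
    """Steps 2-3: decide whether the request is handled locally or proxied."""
    user, realm = split_realm(request["User-Name"])
    home_server = PROXY_REALMS.get(realm)
    if home_server is None:
        return {"action": "local", "user": user, "realm": realm}
    return {"action": "proxy", "user": user, "realm": realm,
            "home_server": home_server}


def filter_proxy_reply(realm, reply):
    """Step 4: keep only reply attributes allowed for this realm, drop the rest."""
    allowed = REPLY_ALLOW.get(realm, set())   # unknown realm: nothing passes
    kept = {k: v for k, v in reply.items() if k in allowed}
    dropped = sorted(set(reply) - set(kept))
    return kept, dropped


if __name__ == "__main__":
    request = {"User-Name": "alice@example.org",
               "NAS-IP-Address": "192.168.224.36"}
    decision = route(request)
    print(decision)
    # Constructed home-server reply, including attributes the local site
    # would not want a remote server to set on its own NAS.
    reply = {"Reply-Message": "Welcome", "Session-Timeout": 3600,
             "Framed-IP-Address": "10.0.0.5",
             "Service-Type": "Administrative-User"}
    print(filter_proxy_reply(decision["realm"], reply))
```

The filter is the trust boundary in this flow: whatever the proxied server returns is untrusted input until it has passed the allow-list.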
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
