Hi Walt

If you were to put this in the wiki you may even have other people help you edit it ;-)

Peter

On Fri 02 Mar 2007 22:37, Walt Reynolds wrote:
> I have searched, but did not find what I was looking for, so trying to
> do my own flowchart of the process. Below is a written up flow that I
> want to try and convert to a graphical one. Can I please get some
> feedback on if this is not only the way it really works, but also if it
> is accurate.
>
> If someone has something like this I would be very grateful if you would
> pass it along to me. Just remember plagiarism is the greatest form of
> flattery (I would give you credit either way if you wanted)
>
> Thanks.
>
> ========================================
> 1. Request comes in (example)
>        User-Name = "[EMAIL PROTECTED]"
>        User-Password = "Password"
>        NAS-IP-Address = 192.168.224.36
>        Service-Type = Login-User
>        Framed-IP-Address = 198.168.225.72
>        Called-Station-Id = "00:07:E9:D1:8F:C2"
>        Calling-Station-Id = "00:40:96:a7:00:14"
>        NAS-Identifier = "box.lab"
>        Acct-Session-Id = "00:07:E9:D1:8F:C2:117165661771"
>        NAS-Port-Type = Wireless-802.11
>
> 2. Looks in the authorize section of radius.conf
>    ## authorize actually means is this request authorized to authenticate
>    ## (does it match rules)
>    preprocess   ## This looks at the following files to add/correlate
>                 ## the request to rules defined in later modules.
>        huntgroups
>                 ## Matches based on NAS
>        hints
>                 ## Matches on user
>    auth_log     ## This defines where the log will be
>    suffix       ## Defined as delimiter for proxying realms
>                 ## Finds realm (if listed, if so will be used
>                 ## starting in preproxy_users
>    eap          ## Set to define and perform EAP authentication (if in
>                 ## request)
>    files        ## Looks at the following files:
>        users
>                 ## Used to decide how to AuthZ and AuthN
>                 ## users. Check items, if matched will
>                 ## add reply info to NAS
>                 ## if no specific match, will match
>                 ## DEFAULT
>                 ## User could move to
>        acct_users
>                 ## Same as users file but for accounting.
>    !!!***!!!If there is no realm defined at this part, it will
>
>        preproxy_users
>                 ## Matches like users, but reply items
>                 ## added to proxied request to new NAS
>        pre_proxy_log
>                 ## Allows you to log the pre-proxied
>                 ## request
>
> 3. Sent proxy request to radius server listed in proxy.conf if it did
>    find a realm match (based on suffix/px....
> 4. Receives reply
>    a. Looks at post_proxy
>        post_proxy_log
>                 ## Logs post proxy info if enabled
>        attr_filter
>                 ## Allows you to filter what the proxied
>                 ## server sends back to NAS
> 5. Sends Accept/Deny to NAS (with all attributes added or filtered)
> 6. Accounting

-- 
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
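
The proxy branch of the flow in Walt's message (realm lookup by suffix, then filtering the proxied reply before it goes back to the NAS), as a simplified Python model added here for illustration; it is not part of the original thread and is not FreeRADIUS code. The user name, realm, home-server name and filter rules are constructed assumptions, and an unknown realm is assumed to be handled locally.

```python
# Simplified model of the proxy branch in the flow above; not FreeRADIUS code.
# Realm table, home-server name and filter rules are constructed assumptions.
HOME_SERVERS = {"partner.example": "radius.partner.example"}  # stands in for proxy.conf

# Stands in for attr_filter: attribute -> predicate the proxied value must satisfy.
REPLY_RULES = {
    "Reply-Message": lambda v: True,
    "Service-Type": lambda v: v == "Login-User",
    "Session-Timeout": lambda v: str(v).isdigit() and int(v) <= 28800,
}


def split_realm(user_name, delimiter="@"):
    """suffix step: split on the last delimiter; realm is None if absent."""
    user, sep, realm = user_name.rpartition(delimiter)
    if not sep or not user or not realm:
        return user_name, None
    return user, realm.lower()


def route(request):
    """Return ('proxy', home_server) for a known realm, else ('local', None)."""
    _, realm = split_realm(request.get("User-Name", ""))
    home = HOME_SERVERS.get(realm)
    return ("proxy", home) if home else ("local", None)


def filter_proxy_reply(reply):
    """post_proxy step: keep only attributes that pass a rule; report the rest."""
    kept, dropped = {}, {}
    for attr, value in reply.items():
        rule = REPLY_RULES.get(attr)
        (kept if rule and rule(value) else dropped)[attr] = value
    return kept, dropped


if __name__ == "__main__":
    request = {"User-Name": "alice@partner.example", "NAS-Identifier": "box.lab"}
    # Constructed reply from the home server, including attributes it should not set.
    proxied_reply = {
        "Reply-Message": "Welcome",
        "Service-Type": "Administrative-User",
        "Session-Timeout": "3600",
        "Framed-IP-Address": "198.168.225.72",
    }
    print(route(request))
    print(filter_proxy_reply(proxied_reply))
```

The dropped dictionary is worth logging: attributes a home server sent that the filter refused are the ones that would otherwise have reached the NAS unchecked.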

