On Tue, Jun 28, 2011 at 3:55 PM, Tiberiu Breana
<[email protected]> wrote:
> Hello.
>
> Is it possible to copy user entries from a server to another?
> I have a user that connects to a "foreign" Radius server (AAAF). The AAAF
> detects his realm and forwards the request to the realm's appropriate Radius
> server (AAAH).
> The AAAH authenticates the user and returns the result.
>
> What I'd like to do: copy the user entry to the AAAF (username, password,
> check items, reply items) so that the AAAF can later authenticate the user
> without having to forward the request.
> Is this possible? Furthermore, how could I keep the user's data, seeing how
> unlang doesn't support creating new variables?

Not recommended. How will you know if (for example) the user changes
his password later? AAAF will always reject it later even if the
password is actually correct.

That being said, you MIGHT be able to work around that by:
(1) forcing PAP
(2) logging user passwords for successful auth (see radiusd.conf)
(3) parse the log (a simple "awk" or something should work)
(4) insert manually to db
The "forcing PAP" part is necessary because if the client uses MSCHAP
you won't be able to see the cleartext password.

As an alternative to (2) - (4), unlang supports arbitrary SELECT queries
(something like %{sql:.. , see
http://freeradius.org/radiusd/man/unlang.html). But since you need to
do an INSERT (insert user password to db), you need to work around
that. See 
http://www.mail-archive.com/[email protected]/msg51742.html
for example.

-- 
Fajar

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html