Hi Authur,
On Jun 24, 9:41pm, Authur Lin wrote:
> Subject: (RADIATOR) Give me some suggestions for Authentication, Authoriza
> Hello,
>
> We know the radius can process all about authentication, authorization,
> and accounting. Whether it is possible if I use radius for
> authentication/accounting, LDAP for authorization ? Could anyone give
> me some suggestions ?
Sounds like you want to authenticate and do accounting to a remote radius
server, but to get check and reply items from an LDAP server?
You can do this by chaining 2 AuthBy clauses together:
<Realm whatever>
    AuthByPolicy ContinueAlways
    # Check items from LDAP, if they pass the check items
    # Note, no PasswordAttr, so password is not checked
    <AuthBy LDAP>
        CheckAttr check-attr
        ReplyAttr reply-attr
        ....etc
    </AuthBy>
    <AuthBy RADIUS>
        Host whatever
        Secret whatever
    </AuthBy>
</Realm>
In this strategy, the user will be prechecked with check items (but not a
password) from LDAP. If the check items are OK, it applies the reply items.
Then the request is sent to the remote radius. Any reply items from the remote
radius will be added to the ones from LDAP.
Accounting will just go to remote radius.
In the LDAP database, you could have a DEFAULT user to handle the most common
cases, and some per-user entries for the unusual users:

uid: DEFAULT
reply-attr: "Service-Type=Framed-User"
reply-attr: "Framed-Protocol = PPP"

uid: mrstatic
reply-attr: "Service-Type=Framed-User"
reply-attr: "Framed-Protocol = PPP"
reply-attr: "Framed-IP-Address = 1.2.3.4"

Hope that helps.
Cheers.
>
> Authur
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Authur Lin
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
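
The flow described in the message above, modelled as an added example (not part of the original message and not Radiator code): check items are evaluated from the directory without touching the password, the remote server alone verifies the password, and its reply items are added to the directory's. The NAS-IP-Address check item, the REMOTE_USERS table, the Session-Timeout reply and the user alice are constructed for illustration.

```python
import re

# Constructed directory: the two entries from the message, plus one
# constructed check item on mrstatic (the message shows none).
DIRECTORY = {
    "DEFAULT": {"check": [],
                "reply": ["Service-Type=Framed-User", "Framed-Protocol = PPP"]},
    "mrstatic": {"check": ["NAS-IP-Address = 192.0.2.10"],
                 "reply": ["Service-Type=Framed-User", "Framed-Protocol = PPP",
                           "Framed-IP-Address = 1.2.3.4"]},
}
# Constructed stand-in for the remote server's user table.
REMOTE_USERS = {"mrstatic": "s3cret", "alice": "hunter2"}


def parse_items(values):
    """Turn 'Name = Value' strings (spaces optional) into (name, value) pairs."""
    return [tuple(re.split(r"\s*=\s*", v.strip(), maxsplit=1)) for v in values]


def ldap_step(request):
    """Precheck: per-user entry or DEFAULT; the password is never looked at."""
    entry = DIRECTORY.get(request["User-Name"], DIRECTORY["DEFAULT"])
    for name, wanted in parse_items(entry["check"]):
        if request.get(name) != wanted:
            return False, []
    return True, parse_items(entry["reply"])


def remote_radius(request):
    """Hypothetical remote server: the only place the password is verified."""
    stored = REMOTE_USERS.get(request["User-Name"])
    ok = stored is not None and stored == request.get("User-Password")
    return ok, ([("Session-Timeout", "3600")] if ok else [])


def authenticate(request):
    """Return (result, reply_items, proxied) for one Access-Request."""
    ok, reply = ldap_step(request)
    if not ok:
        return "reject", [], False        # failed check items: never proxied
    ok, remote_reply = remote_radius(request)
    if not ok:
        return "reject", [], True         # remote server refused the password
    return "accept", reply + remote_reply, True  # remote items added to LDAP's
```

Because the directory step carries no password check, an entry with no check items passes every request through to the remote server, so that server stays the sole gate on credentials.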