Hello Tawrit -
On Wed, 28 Jul 1999, Mohammad Tawrit wrote:
> >%_Hi Hugh,
> Thanks for your help. But my users of IBM 8235 reside on the device flash not in IBM
>server, users are created from IBM 8235 management facility software runs on windows
>3.11,something like cisco's locally defined user. So how I define the users filename
>under <AuthBy EXTERNAL> tag ? My cisco box is working fine which is currently
>interacting with Linux Server.
>
> Regards,
>
> Tawrit
>
>
> At 5:40 PM 26/7/99, Mohammad Tawrit wrote:>Hi,>I have two different
> manufacturer's access box (eg. cisco 2511 and IBM>8235 Dial in Access) and
> two different set of users. For Cisco, Box users>are on Linux Server (present
> radius server) which works fine. For IBM>8235, users are on IBM box.>
> >My question is, How can I combine two set of users by using a single radius
> >server and two different type of access box ?>There are several ways of
> doing this, depending on your exact requirements.You don't specify how you want
> to talk to your IBM box (or your Linux boxfor that matter), so I will merely
> show an <AuthBy UNIX> and an <AuthByEXTERNAL>.
> In the simplest case
> you will want something like this:
> # Set up a single DEFAULT Realm
> <Realm DEFAULT>
> # Step through AuthBy's until one Accepts
> AuthByPolicy ContinueUntilAccept# AuthBy on Linux box <AuthBy UNIX>
>
> linux box .... </AuthBy>#AuthBy for IBM box <AuthBy
> EXTERNAL> IBM box </AuthBy></Realm>If you
> post more detailed requirements, we can refine this further.hthHugh
>
Ahh - now I understand.
Checking the IBM web site, I find that the IBM 8235 supports RADIUS.
http://www.networking.ibm.com/82s/82sover.html
The IBM 8235 has its own list of users with password protection,
or you can use the NetWare Bindery for centralized authorization.
The IBM 8235 also supports the Security Dynamics ACE/Server
and most hand-held authentication devices. A TACACS client is
also provided for DCE Kerberos users. Support for RADIUS,
Blockade Systems and Digital Pathways.
Therefore, you should configure the IBM 8235 as a RADIUS client and re-create
your user list on the Linux box. Then configure Radiator to use the IBM user
file on the Linux box as well as the Cisco users.
Something like this:
<Realm DEFAULT>
AuthByPolicy ContinueUntilAccept
<AuthBy UNIX>
....
</AuthBy>
<AuthBy FILE>
Filename IBM-users-file
</AuthBy>
</Realm>
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsod
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
