Re: (RADIATOR) Proxy Ip addressing

Mon, 25 Oct 1999 14:55:47 -0700 


Hello David -

On Tue, 26 Oct 1999, David Rosewarne wrote:
> >%_Hi,
> I am using Radiator as a proxy to a 3com proxy server using a total control 
> chassis as the NAS.Radiator at present authenticates against a ldap server
> using the default ip address supplied by the NAS from a public ip-pool. What
> I would like to do is authenticate another group of users using Radiator and a
> Microsoft Radius server and set their IP address from a private pool on the
> NAS or from a FramedGroupBase Address The manual says that the user must log
> on using a framed goup item Can anyone give me any help on acheving either
> solution please

To do this you will need to be able to identify users in one group from the
users of the other group(s) when the packets arrive, and then configure
Radiator with multiple Handlers to do what you require. There are various
things you can use for this, such as called number, realm, NAS address, prefix
or suffix, etc., etc. Note that reply items can be set for each user, or you
can set default reply items as shown.

So you would do something like this:

<Handler *whatever works for you*>
        <AuthBy LDAP>
                ....
                AddToReply Service-Type = Framed-User,\
                        Framed-Protocol = PPP,\
                        Framed-IP-Address = *whatever pool*,\
                        Framed-IP-Netmask = 255.255.255.255
                        ....
        </AuthBy>
</Handler>

<Handler *something else for the other group*>
        <AuthBy RADIUS>
                Host your.microsoft.server
                Secret ....
                ....
                AddToReply Service-Type = Framed-User,\
                        Framed-Protocol = PPP,\
                        Framed-IP-Address = *some other pool*,\
                        Framed-IP-Netmask = 255.255.255.255
                        ....
        </AuthBy>
</Handler>

To use Framed-Group you need to set the FramedGroupBaseAddress(s) in the
Client, and then define either a Framed-Group reply item for each user or
define FramedGroup in the relevant AuthBy:

<Client .....>
        Secret ....
        FramedGroupBaseAddress xxx.xxx.xxx.xxx
        ....
</Client>

<Handler ....
        <AuthBy ....>
                FramedGroup 1 or 2 or 3 .....
                ....
        </AuthBy>
</Handler>


Check the reference manual and the example configuration files and users files
in the Radiator distribution.


hth

Hugh


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to