Hello Viraj -
On Thu, 02 Nov 2000, Viraj Alankar wrote:
> Hello,
>
> We are running Radiator and there is another radius server proxying us
> auth/accounting for certain realms.
>
> I would like Radiator to only accept auth/accounting from this server
> for specified realms, and ignore everything else. I'm trying to find the
> best way to put this in our config file.
>
> We currently have a few <Realm> sections and <Handler> sections at the
> bottom of our config, ie:
>
> <Realm a>
> ...
> <</Realm>
>
> <Realm b>
> ...
> <</Realm>
>
> <Handler ...>
> ...
> <</Handler>
>
> Now say I want to accept ONLY realms c and d from the radius server
> 1.2.3.4. What I was thinking is I would first have to change all Realm
> clauses to Handler's and add something like this before all of the
> Handlers:
>
> <Handler Client-Id = 1.2.3.4, Realm = /(c|d)/i>
> authenticate...
> </Handler>
>
> <Handler Client-Id = 1.2.3.4>
> ignore or reject somehow
> </Handler>
>
> ... rest of my Handlers
>
> I'm wondering if anyone has a better solution. Can anything be done in
> the <Client 1.2.3.4> definition (say rewrite unknown realms to bogus
> realm which will fail authentication)? Any help appreciated.
>
Everything you have mentioned is certainly a good way to do this.
You could also write a PreHandler hook for each of these clients, which could
check the realms, or you could probably also use an AuthBy PORTLIMITCHECK with
appropriate SQL queries to check the realms.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
