Re: (RADIATOR) Best Way to do this proxy

Mon, 04 Nov 2002 00:21:21 -0800


Hello Skeeve -

You should use two AuthBy clauses under the control of an AuthByPolicy, something like this:

# define AuthBy clauses (FILE/SQL/whatever)

<AuthBy FILE>
Identifier CheckLocal
.....
</AuthBy>

<AuthBy RADIUS>
Identifier CheckRemote
....
</AuthBy>

<Realm customer>
AuthByPolicy ContinueWhileAccept
AuthBy CheckLocal
AuthBy CheckRemote
.....
</Realm>


regards

Hugh


On Saturday, November 2, 2002, at 09:53 PM, Skeeve Stevens wrote:


Question...

I have a customer who wants to do their own Radius authentication.....
but... I don't want this customer to be able to create their own user
accounts and so on.

I want them to call us, get the account put in our radius server and we
would provide at the first level:
- port usage limit check (for that customer)
- see if account exists
- see if account is active
- then check REMOTE customer radius server for authentication - the
password
- if success, pass back details of IP and such from our master radius
server.

In essence... giving the customer the ability to change passwords and
lock accounts of their users.

Can anyone suggest a good way to implement this? or is there any
existing hooks which can do a local verification check before passing on
the request to another radius server..

Users would use 'username@customer'

...Skeeve


_______________________________________________________
Skeeve Stevens, RHCE Email: [EMAIL PROTECTED]
Website: www.skeeve.org - Telephone: (0414) 753 383
Address: P.O Box 1035, Epping, NSW, 1710, Australia

eIntellego - [EMAIL PROTECTED] - www.eintellego.net
_______________________________________________________
Si vis pacem, para bellum


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


NB: I am travelling this week, so there may be delays in our correspondence.

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to