Re: (RADIATOR) Give me some suggestions for Authentication, Authorization and Accounting
Hi Authur, On Jun 24, 9:41pm, Authur Lin wrote: > Subject: (RADIATOR) Give me some suggestions for Authentication, Authoriza > Hello, > > We know the radius can process all about authentication, authorization, > and accounting. Whether it is possible if I use radius for > authentication/accounting, LDAP for authorization ? Could anyone give > me some suggestions ? Sounds like you want to authenticate and do accounting to a remote radius server, but to get check and reply items from an LDAP server? You can do this by chaining 2 AuthBy clauses together: AuthByPolicy ContinueAlways # Check items from LDAP, if they pass the check items # Note, no PasswordAttr, so password is not checked CheckAttr check-attr ReplyAttr reply-attr etc Host whatever Secret whatever In this strategy, the user will be prechecked with check items (but not a password) from LDAP. If the check items are OK, it applies the reply items. Then the request is sent to the remote radius. Any reply items from the remote radius will be added to the ones from LDAP. Accounting will just go to remote radius. In the LDAP database, you could have a DEFAULT user to handle the most common cases, and some per-user entries for the unusual usuaers: uid: DEFAULT reply-attr: "Service-Type=Framed-User" reply-attr: "Framed-Protocol = PPP" uid: mrstatic reply-attr: "Service-Type=Framed-User" reply-attr: "Framed-Protocol = PPP" reply-attr: "Framed-IP-Address = 1.2.3.4" Hope that helps. Cheers. > > Authur > > > > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Authur Lin -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Give me some suggestions for Authentication, Authorization and Accounting
Hello, We know the radius can process all about authentication, authorization, and accounting. Whether it is possible if I use radius for authentication/accounting, LDAP for authorization ? Could anyone give me some suggestions ? Authur === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Give me some suggestions
Hello Authur, I think if you use the example schemas that we provide in the goodies directory it will do what you want. In those examples, each accounting record has the NAS-IP-Address stored in the NASIDENTIFIER column. You could then use that column to select the accounting records for each NAS. Hope that helps. Cheers. On Jun 20, 9:44am, Authur Lin wrote: > Subject: (RADIATOR) Give me some suggestions > I am trying to transfer the conventional radius (use text file to record > users) to Radiator system. I have several NAS devices including Cisco > AS5300 and Xyplex Terminal Server in several location. Now I use central > authentication for all users in different location. In conventional > radius, it will keep several detail files according to the IP address of > NAS device (for example, NAS1 will keep detail file in a directory > a.b.c.d, NAS2 will keep detail file in a directory e.f.g.h) . If I want > to use SQL server for authentication, accounting and billing, please > give me some suggestions how do I to design database schema for > accounting (according to date, NAS device,) so that I can bill all > users according their usage(time or packages). > > > > > Authur > > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Authur Lin -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Give me some suggestions
I am trying to transfer the conventional radius (use text file to record users) to Radiator system. I have several NAS devices including Cisco AS5300 and Xyplex Terminal Server in several location. Now I use central authentication for all users in different location. In conventional radius, it will keep several detail files according to the IP address of NAS device (for example, NAS1 will keep detail file in a directory a.b.c.d, NAS2 will keep detail file in a directory e.f.g.h) . If I want to use SQL server for authentication, accounting and billing, please give me some suggestions how do I to design database schema for accounting (according to date, NAS device,) so that I can bill all users according their usage(time or packages). Authur === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Give me some suggestions
I am trying to transfer the conventional radius (use text file to record users) to Radiator system. I have several NAS devices including Cisco AS5300 and Xyplex Terminal Server in several location. Now I use central authentication for all users in different location. In conventional radius, it will keep several detail files according to the IP address of NAS device (for example, NAS1 will keep detail file in a directory a.b.c.d, NAS2 will keep detail file in a directory e.f.g.h) . If I want to use SQL server for authentication, accounting and billing, please give me some suggestions how do I to design database schema for accounting (according to date, NAS device,) so that I can bill all users according their usage(time or packages). Authur === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.