(RADIATOR) Realms

Hugh Irvine hugh at open.com.au
Mon Sep 17 20:51:41 CDT 2001


Hello Jesus -

I am confused as to what you what to do.

How are the users stored in the database - with realms or without?

Ie: "someuser at cnnw" or just "someuser"?

And do you want all radius requests to come to Radiator first?

And is there anything else you want to do with realms? In other words, what 
is supposed to happen with resellers?

Assuming Radiator is the first radius server, and assuming your users are 
stored without realms, here is what I would do:

# define AuthBy clauses

<AuthBy RADMIN>
                Identifier CheckRadmin
                DBSource        dbi:mysql:radmin:localhost
                DBUsername      xyzxyz
                DBAuth          verysecret
         .......
</AuthBy>

<AuthBy RADIUS>
      Identifier ProxyToMerit
      Host 208.187.190.253
      Secret verysecret
      AuthPort 1645
      IgnoreAccountingResponse
</AuthBy>

# define Realms

<Realm DEFAULT>
        RewriteUsername   s/^([^@]+).*/$1/
        AuthBy CheckRadmin
</Realm>

<Realm cnnw>
        AuthBy ProxyToMerit
</Realm>


hth

Hugh


On Tuesday 18 September 2001 10:08, Jesus Duarte wrote:
> Hello,
>
> 	I am trying to authenticate users under three criteria.  The
> default works but there are other realms that we use when our
> reseller customers and even our own customers authenticate through
> third party modem aggregations.
>
> 	All but one realm , "cnnw", are in one MySQL database and "cnnw"
> is on another BSDi server using the UNIX password file and an older
> version of MERIT AAA Radius.  I have set up the server with MySQL as a
> client in the MERIT AAA server.  Does what I have here seem like it will do
> the trick or am I going in the wrong direction?
>
>
> <Realm DEFAULT>
>         <AuthBy RADMIN>
>                 DBSource        dbi:mysql:radmin:localhost
>                 DBUsername      xyzxyz
>                 DBAuth          verysecret
> 	........
>
>         </AuthBy>
> </Realm>
>
> <Realm ipns.com>
>    <AuthBy RADMIN>
>                 DBSource        dbi:mysql:radmin:localhost
>                 DBUsername      xyzxyz
>                 DBAuth          verysecret
> 	.......
>    </AuthBy>
> </Realm>
>
> <Realm rmwt.com>
>    <AuthBy RADMIN>
>                 DBSource        dbi:mysql:radmin:localhost
>                 DBUsername      xyzxyz
>                 DBAuth          verysecret
> 	.......
>    </AuthBy>
> </Realm>
>
> <Realm cnnw>
>    <AuthBy RADIUS>
>       Host 208.187.190.253
>       Secret verysecret
>       AuthPort 1645
>       IgnoreAccountingResponse
>    </AuthBy>
> </Realm>
>
> Der Hausmeister
> ~~~~~~JESUS
>            ~~~~~~
> Jesus Duarte
> UNIX System Administrator (geek)
> IPNS/CNNW
>
> jesus at cnnw.net        jduarte at cnnw.net	      postmaster at cnnw.net
> abuse at cnnw.net        support at cnnw.net	      dns at cnnw.net
> abuse at ipns.com        jesus at ipns.com
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list