(RADIATOR) Radiator AS a Proxy?
Hugh Irvine
hugh at open.com.au
Wed Aug 14 11:41:56 CDT 2002
Hello Skeve, Hello Frank -
Frank is correct (thanks Frank) - you would do something like this:
# define AuthBy clauses
<AuthBy RADIUS>
Identifier ForwardToProxy
Host .....
Secret .....
AllowInReply .....
.....
</AuthBy>
<AuthBy FILE>
Identifier CheckUsersLocally
Filename %D/localusers
.....
</AuthBy>
.....
# define Realms
# set "remote.realm" to the target realm
<Realm remote.realm>
AuthBy CheckUsersLocally
.....
</Realm>
......
Then the file %D/localusers would look like this:
# only users defined here will be proxied
someuser Auth-Type = ForwardToProxy
anotheruser Auth-Type = ForwardToProxy
.....
Have a look at section 6.29 in the Radiator 3.1 reference manual
("doc/ref.html").
If you have any other questions, please feel free to ask.
regards
Hugh
On Thursday, August 15, 2002, at 12:42 AM, Frank Danielson wrote:
> You could set up an AuthBy RADIUS clause to point to your customer's
> RADIUS
> server and then add and Auth-Type check item to those users in you users
> file to database to force them to authenticate using the AuthBy RADIUS.
> In
> the 2.19 manual section 13.1.6 explains the use of the Auth-Type check
> item.
> AuthBy RADIUS is also well documented in the manual and has been
> discussed
> in length on the mailing list.
>
> Frank Danielson
> [Infrastructure Architect]
>
> wireless: 407.467.7832
> wireline: 407.515.8633
>
> Data On Air
> 301 E. Pine St. Suite 450
> Orlando, Fl 32801
> http://www.dataonair.com
>
>
> -----Original Message-----
> From: jlewis at lewis.org [mailto:jlewis at lewis.org]
> Sent: Wednesday, August 14, 2002 9:06 AM
> To: Skeeve Stevens
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Radiator AS a Proxy?
>
>
> On Wed, 14 Aug 2002, Skeeve Stevens wrote:
>
>> Is it possible to use Radiator as a Proxy Radius?
>>
>> We have a customer who wants to be able to authenticate their own
>> dialup
>> users... so they can keep control of the passwords.....
>>
>> I am not completely against this, but would like to let them only
>> authenticate users that we have approved....
>
> Radiator can do this, but in a typical proxy radius setup, you would
> have
> this customer's users dial in as user at customerdomain.com (whatever their
> domain is) and you would pass these requests on to their radius
> server(s).
> You can (and should) strip and add certain attributes to their radius
> replies...but I'm not sure how you would handle proxy radius and
> approving
> or denying access for certain users. If you want to do that, what's the
> point in proxying the authentication?
>
> ----------------------------------------------------------------------
> Jon Lewis *jlewis at lewis.org*| I route
> System Administrator | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list