(RADIATOR) Best Way to do this proxy

Hugh Irvine hugh at open.com.au
Sun Nov 3 09:22:17 CST 2002


Hello Skeeve -

You should use two AuthBy clauses under the control of an AuthByPolicy, 
something like this:

# define AuthBy clauses (FILE/SQL/whatever)

<AuthBy FILE>
	Identifier CheckLocal
	.....
</AuthBy>

<AuthBy RADIUS>
	Identifier CheckRemote
	....
</AuthBy>

<Realm customer>
	AuthByPolicy ContinueWhileAccept
	AuthBy CheckLocal
	AuthBy CheckRemote
	.....
</Realm>


regards

Hugh


On Saturday, November 2, 2002, at 09:53 PM, Skeeve Stevens wrote:

>
> Question...
>
> I have a customer who wants to do their own Radius authentication.....
> but... I don't want this customer to be able to create their own user
> accounts and so on.
>
> I want them to call us, get the account put in our radius server and we
> would provide at the first level:
> - port usage limit check (for that customer)
> - see if account exists
> - see if account is active
> - then check REMOTE customer radius server for authentication - the
> password
> - if success, pass back details of IP and such from our master radius
> server.
>
> In essence... giving the customer the ability to change passwords and
> lock accounts of their users.
>
> Can anyone suggest a good way to implement this? or is there any
> existing hooks which can do a local verification check before passing 
> on
> the request to another radius server..
>
> Users would use 'username at customer'
>
> ...Skeeve
>
>
> _______________________________________________________
> Skeeve Stevens, RHCE     Email: skeeve at skeeve.org
> Website: www.skeeve.org  - Telephone: (0414) 753 383
> Address: P.O Box 1035, Epping, NSW, 1710, Australia
>
> eIntellego - skeeve at eintellego.net - www.eintellego.net
> _______________________________________________________
> Si vis pacem, para bellum
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list