(RADIATOR) Different authentication methods for differen ip-ranges

Hugh Irvine hugh at open.com.au
Tue Mar 18 14:39:50 CST 2003 

Hello Freerk -

It is possible to do almost anything with Radiator, however in answer 
to this particular question, I need to know what the network segments 
described below correspond to in radius terms? Are there different 
radius client NAS(s) that are located on these different segments? If 
so you could do something like this:

# define Client clauses

<Client n.n.n.n>
	Identifier 141.252.x.x/16
	.....
</Client>

<Client m.m.m.m>
	Identifier 141.252.19.x/24
	.....
</Client>

.....

<Handler Client-Identifier = 141.252.x.x/16>
	<AuthBy LDAP2>
		.....
	</AuthBy>
	.....
</Handler>

<Handler Client-Identifier = 141.252.19.x/24>
	<AuthBy FILE>
		.....
	</AuthBy>
	.....
</Handler>

There are other possibilities depending on exactly how you need to 
recognise the network segments.

regards

Hugh


On Wednesday, Mar 19, 2003, at 06:04 Australia/Melbourne, Freerk 
Bosscha wrote:

> Thanks for reading this mail.
>
>  
>
> I would like to do the following:
>
>  
>
> The primary authentication is done with openldap on my linux 8.0 box.
>
> This is for the network 141.252.x.x/16
>
>  
>
> For a small segment 141.252.19.x/24 I would like to use a file-based 
> user authentication.
>
>  
>
> How do I need to set up the
>
>  
>
> Can I use something like:
>
>  
>
> <Realm 141.252.19.0/24>
>
>             file authorization
>
> </Realm>
>
>  
>
> <Realm DEFAULT>
>
>             ldap authorization
>
> </Realm>
>
>  
>
>  
>
> Thanks for any reply,
>
>  
>
> Freerk Bosscha
>
> Noordelijke Hogeschool Leeuwarden
>
> The Netherlands
>
>  
>
> f.j.bosscha at nhl.nl
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 3850 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030319/4565790a/attachment.bin>

More information about the radiator mailing list