(RADIATOR) Radius, Kerberos, and 802.1x Dynamic Vlans

Hugh Irvine hugh at open.com.au
Thu Sep 23 17:52:20 CDT 2004 

Hello Kirk -

Yes it is possible and quite common to have multiple sources for 
authentication information.

You can either use multiple AuthBy clauses, or cascaded AuthBy clauses, 
and there are other possibilities too.

There are many examples in the Radiator mailing list archives:

	www.open.com.au/archives/radiator

regards

Hugh


On 24 Sep 2004, at 06:25, Kirk T Byers wrote:

> We are considering deploying an 802.1x solution for some of our wired
> infrastructure.  We have a centralized Kerberos server that contains 
> our
> usernames and passwords.  Because of this, we were planning on using
> EAP-TTLS/PAP for our EAP method.  Consequently, we would have Client 
> -->
> Switch --> Radius Server --> Kerberos.
>
> In this context, is it possible to implement 802.1x with dynamic vlan
> assignment?  Does Radius allow you to retrieve data from multiple 
> sources?
> For example, can we authenticate the user against the Kerberos Domain
> Controller, but pull the Vlan information from another source (either a
> local data source on the Radius server, or some other remote data 
> source)?
>
> Thanks, for the assistance.
>
>
> Kirk Byers
> Information Security Services
> Stanford University
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list