[RADIATOR] Multiple network access devices

Heikki Vatiainen hvn at open.com.au
Tue Aug 2 15:18:47 CDT 2011


On 08/01/2011 10:32 PM, Smith, Todd wrote:

> I have a working Radiator configuration that is working for our enterprise wireless network but I am looking to expand it to include other types of network access devices.  Looking through the documentation and the goodies directory, I don't see a good example to refer to.  What I would like to do is something like this:
> 
> Network Access Device X using EAP protocol Y allowing access to usergroup Z to a certain level of permissions and admingroup A having different permissions.
> 
> Network Access Device 1 using EAP protocol G allowing access to usergroup W to a certain level of permissions and admingroup B having different persmissions.
> 
> My current configuration has many client devices defined but they are all using the same handlers and realm information and I didn't see a way to use many different network access devices with different configurations.  I am sure that I am missing something and if there is a section of documentation that covers this or a file in the goodies directoy then please point me to it so that I can learn.

To differentiate between devices, NAS-IP-Address and NAS-Identifier
request attributes are often used in Handler checklists.
Called-Station-Id may also be useful for this.

SQL and LDAP are commonly used for storing user and group information.
You could e.g, do a SQL select to fetch user permissions based on the
NAS-Identifier.

You may want to check ref.pdf section "5.30.10 AuthColumnDef" for SQL
and section "5.37.16 AuthAttrDef" for LDAP to see how user permissions
or attributes can be fetched and returned back to the network access device.

Thanks!
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list