Multiple Separate NT domains

Phil Mayers p.mayers at imperial.ac.uk
Fri Dec 1 13:36:04 CET 2006


> 
> 1. a vpn client contacts the cisco box
> 2. the cisco box forwards the request to the radius server for
> authentication.
> 3. the radius server somehow proxies the request to the windows domain
> server
> 4. the domain server reports back an ok to the radius server?
> 5. the vpn tunnel is setup.
> 
> What I can understand about freeRadius is that it is possible to proxy
> authentication requests to other radius servers depending on domain names
> and other fields. Is this correct?

Yes

> 
> Is this type of setup even doable with a Radius Server and if so could
> anyone help me in the directions of some solid howto's as I'm fairly green
> working with radius servers.

It's not very hard at all. See the "proxy.conf" file in the 
distribution. Broadly speaking, assuming they are all logging in as 
"user@domain.com" you need:

modules {
   # other modules
   realm suffix {
     format = suffix
     delimiter = '@'
     ignore_default = yes
     ignore_null = yes
   }
}

authorize {
   preprocess
   suffix
}

...then in proxy.conf for each customer:

realm domain.com {
   type = radius
   authhost = the.auth.server.domain.com:1812
   accthost = the.acct.server.domain.com:1813
   secret = TheRadiusSecret
   nostrip
}

> 
> Hope someone has some input to this type of setup.
> 
> Regards
> Christian
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
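
A simplified model of how the suffix realm settings in the reply above select a home server, added here as an example; it is not part of the original post and is not FreeRADIUS code. The realm names, hosts and secrets are constructed, the DEFAULT entry is there only to show what ignore_default suppresses, and splitting at the last delimiter and case-insensitive realm matching are assumptions about the server's behaviour.

```python
# Simplified model of the realm routing decision; not FreeRADIUS source code.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Realm:
    authhost: str
    secret: str
    nostrip: bool = True  # forward User-Name with the realm still attached


# Constructed sample data: one entry per customer, each with its own secret.
REALMS = {
    "customer-a.example": Realm("radius.customer-a.example:1812", "SecretA"),
    "customer-b.example": Realm("radius.customer-b.example:1812", "SecretB"),
    "DEFAULT": Realm("fallback.example:1812", "FallbackSecret"),
}


@dataclass(frozen=True)
class Decision:
    action: str                      # "proxy" or "local"
    realm: Optional[str] = None
    authhost: Optional[str] = None
    user_name: Optional[str] = None  # User-Name as sent to the home server


def route(user_name, realms=REALMS, delimiter="@",
          ignore_default=True, ignore_null=True):
    # format = suffix: the realm is whatever follows the last delimiter.
    user, sep, suffix = user_name.rpartition(delimiter)
    if not sep or not suffix:
        user, key = user_name, "NULL"   # no realm present in the User-Name
    else:
        # Assumption: realm names match case-insensitively; unknown -> DEFAULT.
        key = next((k for k in realms if k.lower() == suffix.lower()), "DEFAULT")
    # ignore_null / ignore_default: never proxy on the catch-all entries.
    if (key == "NULL" and ignore_null) or (key == "DEFAULT" and ignore_default):
        return Decision("local")
    realm = realms.get(key)
    if realm is None:
        return Decision("local")
    sent = user_name if realm.nostrip else user
    return Decision("proxy", key, realm.authhost, sent)
```

With both ignore options on, a request for an unlisted realm or with no realm at all stays on the local server instead of being forwarded to any customer's RADIUS host.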