Stripped Usernames

tnt at kalik.net
Thu Oct 16 02:05:20 CEST 2008


>The only thing I know about it is, that the username is not standing 
>alone anymore like it was - but instead it's username at domain which looks 
>to me like the stripped user will only connect to the NAS which belongs 
>to this domain even if there might be a second RADIUS .... is it like 
>that?

Sort of. It's quite unlikely that you will have the same user/pass in your
database as well.

>And if the case would be that the RADIUS Server which belongs to 
>this domain is just proxying to another, then the request will be 
>forwarded to another RADIUS server ... ?!

Not very likely. It is usually the home server and it will accept or
reject the request. But it can be relayed further too.

>Is that what you mean with 
>proxying? Cause it sounds more like forwarding ... !?

Does it?

http://en.wikipedia.org/wiki/Proxy_server

It helps when you know what you are talking about.

>.... I mean I've already a running RADIUS SQL test-system - but a 
>scenario like described above would be very interesting for my new 
>network environment .. so I would like to know what positive options it 
>might bring to strip usernames ... and also some about proxying ...
>

It works sort of like this: your radius server receives a request from
user at realmx. You don't do realmx, but you know a man who does. He is a
friend of yours and you have agreed to let his lot onto your network.
You have his radius server configured in proxy.conf. He also knows that
you might be sending such requests his way so he has your server
configured in his clients.conf. If you are sending the request to the
server that should "know" the user (home server) you normally strip
the username. If you are sending to the proxy chain (like EDUROAM) you
don't.

Ivan Kalik
Kalik Informatika ISP
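
The arrangement described in the reply above, written out as configuration. This is an added example, not part of the original post: it assumes FreeRADIUS 2.x-style proxy.conf syntax, and every name, address, realm other than realmx, and secret is a placeholder.

```conf
# ---- Your server: proxy.conf (FreeRADIUS 2.x-style syntax, assumed) ----

# Your friend's server, the home server for realmx.
home_server friend_home {
    type   = auth
    ipaddr = 192.0.2.10                  # placeholder address
    port   = 1812
    secret = CHANGE_ME_SHARED_SECRET     # must match his clients.conf entry
}
home_server_pool friend_pool {
    type        = fail-over
    home_server = friend_home
}

# Next hop of a proxy chain (hypothetical upstream for the realm "realmy").
home_server chain_upstream {
    type   = auth
    ipaddr = 192.0.2.20                  # placeholder address
    port   = 1812
    secret = CHANGE_ME_CHAIN_SECRET
}
home_server_pool chain_pool {
    type        = fail-over
    home_server = chain_upstream
}

# Sent straight to the home server that "knows" the user:
# the realm is stripped by default, so user@realmx goes out as "user".
realm realmx {
    auth_pool = friend_pool
}

# Sent into a proxy chain: keep the realm so later hops can still route it.
realm realmy {
    auth_pool = chain_pool
    nostrip
}

# ---- Your friend's server: clients.conf ----

# Your proxy must be a known client there, or its requests are dropped.
client your_proxy {
    ipaddr = 198.51.100.5                # placeholder: your server's address
    secret = CHANGE_ME_SHARED_SECRET     # same value as in friend_home above
}
```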




More information about the Freeradius-Users mailing list