How to handle multiple NAS's, auth requirements, etc.

Gary Gatten Ggatten at waddell.com
Fri Aug 21 17:37:07 CEST 2009 

Sorry!  s/so/sorry in OP!!!!  

 

________________________________

From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.or
g] On Behalf Of Gary Gatten
Sent: Friday, August 21, 2009 10:34 AM
To: FreeRadius users mailing list
Subject: How to handle multiple NAS's, auth requirements, etc.

 

Hello, so for the BASIC question!  First, is there any docs that explain
the concepts of how all the various pieces of FR tie together?  I've
read a bunch of stuff and am making some headway, but some of the
architecture and process flow still escapes me.  If I can gain a better
understanding of the internals I could probably resolve most of my own
questions and better contribute to the community as well!

 

Now, the question:

 

We have various environments that need to authenticate and authorize
using FR:  VPN connections with something like (if member of "VPNGroup"
then permit, else deny); vty login to network gear with (if member of
"NetEngGroup" then permit, else deny); and 802.1x with dynamic VLAN
assignment.  I plan to use ntlm_auth for all of these to hit AD on the
backend.

 

The problem I'm having is grasping how I can do this?  Do I need
separate instances of FR?  A bunch of  "if then/else" clauses somewhere?
How does FR know what type of auth is required?  Am I making this more
complicated than it really is?

 

TIA for the help!  In the mean time I'll keep reading and playing!

 

Gary

 

"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential. If
you are not the intended recipient, you are hereby notified that any
review, use, dissemination, disclosure or copying of this email and its
attachments, if any, is strictly prohibited. If you have received this
email in error, please immediately notify the sender by return email and
delete this email from your system." 






<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090821/d914e140/attachment.html>

More information about the Freeradius-Users mailing list