using freeRadius to authentic a user to access different sources with different configuration

Abbas Yazdanpanah yazdanpanah.a+freeradius at gmail.com
Tue May 17 14:41:52 CEST 2011


Dear Fajr

I've read all the documents(it toke about 2 month for me to read and
learn them) and I also implemented freeRadius 2.1 and daloradius using
mysql configuration for an ISP(the mentioned system). I'm just an IT
guy so my boss who don't have good technical standpoint decided to
migrate and I'm in the research phase of migration. That's it.

The easiest solution to this scenario is using three separate
freeRadius servers where first one is a proxy which duplicates the
authentication request to the other servers and the other servers are
responsible for AAA on each resource(in this situation the Internet
and my provided intranet which has some value-added services like
Video On Demand, Game server, etc). The users must be authenticated
using mySQL or postgres. The ISP I'm working for is providing ADSL
services so the chap, ms-chap and ... authentication method are
desirable.  But you must know that in every region(we provide service
in must of the cities in our State) it is just one NAS per each
resource.

But it seems their might be another way which could be more efficient
and "interesting". So here I'm asking you about this scenario. And
I've searched the mailing list regarding to this situation and there
is nothing similar to my scenario(but I've learned much from them). I
would appreciate if someone could help me about this.

Regards,
Abbas.

On Tue, May 17, 2011 at 3:44 PM, Fajar A. Nugraha <list at fajar.net> wrote:
> On Tue, May 17, 2011 at 6:41 PM, Abbas Yazdanpanah
> <yazdanpanah.a+freeradius at gmail.com> wrote:
>> Dear all,
>>
>>
>> There is a NAS and I want to authenticate users. I have two resources,
>> the first one the is Internet and the second is an intranet. I've two
>> access policies regarding to each source. for example a policy is
>> "users have different bandwidth for accessing each source". I've a
>> proprietary radius server and have used its scripting abilities to set
>> the second resource policy. It must be said that the second resource
>> policy is identical for all users. It has been decided to migrate our
>> system to freeRadius (due to the expenses) and also there is a change
>> in policies so the second resource policy is not identical for all
>> users any more. Due to my lack deep experience in freeRadius, I was
>> wondering if there is any suggestion that would help me about this
>> scenario.
>
> Read the documentation?
>
> Seriously. Whoever "decided to migrate our system to freeRadius"
> should've done their homework first, and at least know the general
> idea about:
> - whether freeradius is suitable for a particular purpose, and
> - how you're going to do it
>
> Depending on your needs, something as simple as users file might be
> suitable (run "man 5 users" once you have freeradius installed). You
> might be able to create policies based on something like
> NAS-IP-address attribute.
>
> For more complex configuration, sql or unlang might come in handy. The
> default configuration file is pretty well commented, start from there.
> Then continue to the included doc/ directory (or read latest version
> online from https://github.com/alandekok/freeradius-server/tree/v2.1.x/doc)
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list