Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails

"Яцко Эллад Геннадьевич (ngs)" eyatsko at ngs.ru
Tue Oct 11 07:59:53 CEST 2011


Dear Alan!

I am a beginner in RADIUS. I guessed you talked about "sites-available/default"
because Cisco does not use any realms when it sends its packets to the RADIUS.

I think "expanding of my task boundaries" is needed :-) I want to make Cisco
devices authenticate users when they enter the device via telnet/ssh. It would
be a three-stage procedure:
- Windows DC if IAS (Microsoft RADIUS) is accessible;
- if no - RADIUS local DB if it is accessible;
- if no - Cisco's local DB (NAS local authentication).

So if I understood correctly, I need to use the "authenticate" section.

But what comes further I don't clearly imagine. I guess when an Access-Request
is incoming, RADIUS in accordance with the suggested scheme must change the
realm of the request and continue to process the packet with new conditions,
is that right?

I must define a new realm, for example "ias", and I must define a home-server
for it, do I?

Kind regards,
Ellad




> authorize {
>     ...
>     ldap
>     if (!notfound) {
>         update control {
>             Proxy-To-Realm := "realm"
>         }
>     }
>     ...
> }
> And set up the realm with home server, etc.
>> 3) If "yes" - Access-Accept! 4) If "no" - Are any Proxies configured?
>> FreeRADIUS -> Proxy: User/Password 5) Proxy answers, FreeRADIUS
>> translates the answer further to NAS.
>
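
The three-stage fallback asked about above, sketched as configuration. This is an added example, not part of the original message or the FreeRADIUS distribution; it assumes FreeRADIUS 2.x syntax, and the names `ias_dc`, `local_fallback`, `ias_pool` and `local_users`, the address and the secret are placeholders.

```conf
# --- proxy.conf (all names, addresses and secrets are placeholders) ---
home_server ias_dc {
    type   = auth
    ipaddr = 192.0.2.10            # constructed address of the IAS host
    port   = 1812
    secret = CHANGE_ME
}

# A home server backed by a local virtual server instead of a remote host
home_server local_fallback {
    virtual_server = local_users
}

home_server_pool ias_pool {
    type        = fail-over
    home_server = ias_dc
    fallback    = local_fallback   # used only when every home_server is dead
}

realm ias {
    auth_pool = ias_pool
    nostrip
}

# --- sites-available/default (excerpt) ---
authorize {
    preprocess
    # Cisco login requests carry no realm, so select one explicitly
    update control {
        Proxy-To-Realm := "ias"
    }
}

# --- sites-available/local_users (stage 2: RADIUS local DB) ---
server local_users {
    authorize {
        files                      # local entries from the users file
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
    }
}

# --- NAS side, stage 3 (Cisco IOS, shown here as comments) ---
# aaa new-model
# aaa authentication login default group radius local
```

On the Cisco side the `local` method is consulted only when no RADIUS server answers, not after an Access-Reject. The local accounts in stages 2 and 3 become the active credential store whenever the upstream is unreachable, so they need the same password policy as the domain accounts.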
