Realms allowed to some huntgroup

Walter Reynolds waltr at umich.edu
Fri Mar 10 16:15:07 CET 2006


Is this possible?  I still am not finding documentation that points me to 
if I can or how.

On Tue, 7 Mar 2006, Walter Reynolds wrote:

>
> I am not quite finding the setup I am looking for and hope someone can point 
> me to the files I should be updating.
>
> Currently I am running version 1.0.4
>
> Hopefully I can describe what I want to do and you can let me know if it is 
> doable, and if so what files I should modify.
>
> I have questions.
>
> 	1. How can I authenticate realms differently?
> 	2. Can I set up logging based on Realm?
>
> I will simplify this and say we have two service types I want to 
> authenticate.
>
> 	1. Wireless
> 	2. VPN
>
> I currently have Wireless and VPN set up so we do some proxy.  If a user 
> signs in with either the following they can log in:
>
> 	waltr - no domain (uses NULL realm to authhost = local in proxy.conf)
> 	waltr at xxx.edu - xxx.edu domain has realm defines and proxies to
> 			remote radius server at other campus
>
> Well this works and Wireless and VPN can sign in.  The thing is I want 
> wireless to work this way, but I want VPN to only work with no domain logins.
>
> But how do I define a domain/realm to a group so I can put that into the 
> huntgroup file?
>
>
> We are currently using Merit radius and it works this way (I am adding this 
> for example only)
>
> Clients.conf (using old style for clarity)
> ===========================
> #Clients Name       Key             [type]          [version] [prefix]
> #----------------  --------------- --------------- --------- --------
> # iLab Radius servers
> vpn.xxx.edu          secretvpn      type=Merit:PROXY           vpn
> wirelessAP1.xxx.edu  secretwireless type=PROXY                 wireless
> wirelessAP2.xxx.edu  secretwireless type=PROXY                 wireless
>
>
> ============================
>
> The prefix would tell it to use a specific users file and authfile. So I have 
> the following 4 files:
>
> vpn.users
> vpn.authfile
> wireless.users
> wireless.authfile
>
> With those files I can have users connecting to wireless clients (ie 
> huntgroup) go to a specific user and authfile.  I can set the vpn service to 
> authenticate Null realms and drop all others while at the same time I can set 
> wireless to authenticate Null locally and proxy the defined realms to another 
> radius server.
>
>
>
> Question number two is can I separate the accounting for the realms to 
> different logfiles?
>
>
>
>
> -- Walter Reynolds
>   University of Michigan
>

-- Walter Reynolds
    University of Michigan


