New to FreeRadius (not to Radius) and need to know about capabilities.

Peter Nixon listuser at peternixon.net
Wed Sep 20 02:00:11 CEST 2006


This should all be possible natively in FreeRADIUS. If you wish you can of 
course also use perl as well :-)

Cheers

Peter

On Wed 20 Sep 2006 00:57, Dan Geist wrote:
> Greetings, all. I'm a new user that's looking at FreeRadius because of
> some of it's features, but I'd like to figure out if it can replicate
> what I'm currently doing before I start looking into a migration. My
> current setup does the following (with openradius, mysql, perl, and a
> PAM-securID module) on each packet arrival:
>
> 1) check an SQL db for the encryption key and tokenize everything (if
> so, continue, else exit)
>
> 2) check to see if it's an accounting packet and log it (if so, then do
> it then exit)
>
> 3) if it's anything else, check the SQL db to see if the username is
> valid. (if so, continue, else exit)
>
> 4) execute a PAM check on the valid user with the credentials just
> provided (which could be unix auth, securID, mysql, LDAP, whatever PAM
> supports) (if authenticated, continue, else exit)
>
> 5) check to see if it's one of a short list of auth-only NASs (if so,
> authenticate that user and exit, else continue)
>
> 6) do another SQL lookup to get the combination of VSA option values for
> that unique username/nas pair and return the appropriate RAD-access
> option along with the VSA options for that user/device combination
> (return packet/VSAs and exit)
>
> Now, I know that's a lot of info, but does FreeRadius have the
> flexibility to be able to do something like this? The big things are
> that it be able to do PAM auth on users and that it be able to return
> VSAs based on a one-to-one relationship that's stored in a MySQL db.
>
> Thanks.
> Dan

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060920/06650fa7/attachment.pgp>


More information about the Freeradius-Users mailing list