group based authentication

srg krn srgqwerty at gmail.com
Sat Sep 23 14:57:35 CEST 2006


Thanks a lot for your response.
About your question... Yes I did.
>From the doc at http://wiki.freeradius.org/Proxy :
"It is possible to use FreeRADIUS as a proxy RADIUS server. This means
that it can consult a remote RADIUS server to validate a user."

We need that the "remote RADIUS that validates the user" can be a
radius OR LDAP OR MYSQL OR ... (point 3 of my question).

Thanks and best regards

On 9/23/06, Peter Nixon <listuser at peternixon.net> wrote:
> On Sat 23 Sep 2006 13:41, srg krn wrote:
> > Hello:
> >
> > We want to design an AAA system with the following requisites:
> >
> > COMPONENTS THAT WE HAVE:
> > A) NAS(es)
> > B) freeradius frontend
> > C) authenticators
> >
> > WHAT WE CAN DO IS:
> > 1. The NAS send a radius "access-request" to the radius frontend.
> > In the packet there is a username (in username at group) syntax and a
> > password. 2. The frontend MUST decide the authentication method and the
> > authenticator machine based ONLY in the group (string AFTER the @).
> > 3. The frontend sends user and password (note that NOT user at group) to
> > the authenticator machine (maybe another radius, ldap, mysql, ...).
> > 4. Then authenticator machine answer's to the frontend only with "OK"
> > or "NOT OK".
> > 5. If "OK" from step(4), then the freeradius answer's the NAS with
> > "access granted" and some attributes extracted from the "group" (ip
> > pool, netmask, default gw, ... _AND_ THE GROUP THAT IS AFTER THE @).
> >
> > NOTE THAT:
> > - The unique function of the authenticators is saying "OK" if the
> > username and passwd are correct or "NOT OK" if not.
> > - NO USERS are defined in the radius frontend (only GROUPS with their
> > respective attributes).
> >
> > Is there any "intelligent" way of acomplishing this design with freeradius?
>
> Yes.
> Did you read the documentation?
>
> Start at:
> http://wiki.freeradius.org/Proxy
>
> --
>
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>



More information about the Freeradius-Users mailing list