Seek through several RADIUS severs without realms

[Ronen Kfir]

Unfortunately I lost the previous message of this thread, where Alan Dekok's
respond is presented.
Anyway, the content of it was he offered to use groups membership. He also
gave a specific file: rlm_passwd which should be configured in order to
achieve groups membership as an indication which IAS server would respond
each authentication request.
 
The thing is, though went over the help file of rlm_passwd a couple of
times, I didn't see clear explanation how to configure it when working in
IAS-Active Directory environment.

Appreciate you help on this one.

Cheers,


Ronen













As I didn't get any response yet, I would like to make my self clearer: 

I'm looking for alternative ways to differ among authenticated users, other
then realms. I thought that the way to do it is, as I described bellow. The
thing is I'm not sure how to implement this idea with in Free RADIUS. Please
help me in the configuration and implamantation of this concepts.


Thank you,

Ronen










My scenario is as follow:
I use more then one strong authentication system, which is OTP (One Time
Password) based and has a RADIUS interface. I use the same users repository
for the various authentication systems and wish to differ between the
authentication systems, using Free RADIUS .Net. I wouldn't like to use
realms, as I would like users to use ordinary username and not make them use
a realm. I think that the way to do it, is to create sort of loop, which
will run through the various RADIUS interfaces of the OTP systems and seek
for a given username. If it fails on one  system, continue to the next one,
and if not found in any of them, send reject access response.


Best,
 
Ronen.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3086 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080804/7c4c08e2/attachment.bin>