Copy user entries from a server to another?

Fajar A. Nugraha list at fajar.net
Tue Jun 28 11:36:28 CEST 2011


On Tue, Jun 28, 2011 at 3:55 PM, Tiberiu Breana
<tiberiu.breana at gmail.com> wrote:
> Hello.
>
> Is it possible to copy user entries from a server to another?
> I have a user that connects to a "foreign" Radius server (AAAF). The AAAF
> detects his realm and forwards the request to the realm's appropriate Radius
> server (AAAH).
> The AAAH authenticates the user and returns the result.
>
> What I'd like to do: copy the user entry to the AAAF (username, password,
> check items, reply items) so that the AAAF can later authenticate the user
> without having to forward the request.
> Is this possible? Furthermore, how could I keep the user's data, seeing how
> unlang doesn't support creating new variables?

Not recommended. How will you know if (for example) the user changes
his password later? AAAF will always reject it later even if the
password is actually correct.

That being said, you MIGHT be able to work around that by:
(1) forcing PAP
(2) logging user passwords for successful auth (see radiusd.conf)
(3) parse the log (a simple "awk" or something should work)
(4) insert manually to db
The "forcing PAP" part is necessary because if the client uses MSCHAP
you won't be able to see the cleartext password.

As an alternative to (2) - (4), unlang supports arbitrary SELECT queries
(something like %{sql:.. , see
http://freeradius.org/radiusd/man/unlang.html). But since you need to
do an INSERT (insert user password to db), you need to work around
that. See http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg51742.html
for example.

-- 
Fajar
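
Step (2) above leaves cleartext passwords in the server log. The following is an added example, not part of the original post: it lists and redacts them, assuming auth lines of the form "Auth: Login OK: [user/password] (from client ...)". The sample log, the function names and the "<...>" placeholder rule are assumptions.

```python
import re

# Constructed sample lines in the assumed radius.log shape (not real data).
SAMPLE_LOG = """\
Tue Jun 28 11:36:28 2011 : Auth: Login OK: [alice/s3cret] (from client aaaf port 0)
Tue Jun 28 11:37:02 2011 : Auth: Login OK: [bob] (from client aaaf port 1)
Tue Jun 28 11:38:40 2011 : Auth: Login incorrect: [carol/gu/ess] (from client aaaf port 2)
Tue Jun 28 11:39:10 2011 : Info: Ready to process requests.
"""

# Greedy middle group: a "]" inside the password does not end the field early.
ENTRY = re.compile(r"(Auth: Login [^\[]*\[)(.*)(\] \(from client )")


def _split(field):
    """Split "user/password" at the first slash; no slash means no password."""
    user, sep, secret = field.partition("/")
    # Assumption: a "<...>" value is a placeholder, not a real password.
    if not sep or (secret.startswith("<") and secret.endswith(">")):
        return field, None
    return user, secret


def exposed_users(log_text):
    """Return (line_number, user) for each auth line with a cleartext password."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = ENTRY.search(line)
        if m:
            user, secret = _split(m.group(2))
            if secret is not None:
                hits.append((n, user))
    return hits


def redact(log_text):
    """Return the log with every logged password replaced by a fixed marker."""
    def repl(m):
        user, secret = _split(m.group(2))
        field = m.group(2) if secret is None else user + "/<redacted>"
        return m.group(1) + field + m.group(3)
    return "\n".join(ENTRY.sub(repl, line) for line in log_text.splitlines())


if __name__ == "__main__":
    for n, user in exposed_users(SAMPLE_LOG):
        print(f"line {n}: cleartext password logged for {user!r}")
    print(redact(SAMPLE_LOG))
```

A user name that itself contains "/" is split at the first slash, so the reported name can be shorter than the real one; the password is still redacted.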



More information about the Freeradius-Users mailing list