Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails

"Яцко Эллад Геннадьевич (ngs)" eyatsko at ngs.ru
Tue Oct 11 07:59:53 CEST 2011

Dear Alan!

I am beginner in RADIUS. I guessed you talked about  
because Cisco does not use any realms when sends its packets to the RADIUS.

I think it's needed "expanding of my task boundaries" :-) I want to make 
devices authenticate users when ther enter the device via telnet/ssh. It 
be three-stage procedure:
- Windows DC if IAS (Microsoft RADIUS) is accessible;
- if no - RADIUS local DB if it is accessible;
- if no - Cisco's local DB (NAS local authentication).

So If I correctly understood I need to use "authenticate" section.

But what is further I don't clearly imagine. I guess when Access-Request 
is incoming,
RADIUS in accordance with suggested scheme must change realm of request and
continue process packet with new conditions, is it right?

I must define new realm, for example "ias", and I must define 
home-server for it,
do I?

Kind regards,

> authorize { ... ldap if (!notfound) { update control { Proxy-To-Realm 
> := "realm" } } ... } And set up the realm with home server, etc.
>> 3) If "yes" - Access-Acept! 4) If "no" - Are any Proxies configured? 
>> FreeRADIUS -> Proxy: User/Password 5) Proxy answers, FreeRADIUS 
>> translates the answer further to NAS. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111011/18c84a4f/attachment.html>

More information about the Freeradius-Users mailing list