Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails

[Alan DeKok]

Яцко Эллад Геннадьевич (ngs) wrote:
> I am beginner in RADIUS. I guessed you talked about 
> "sites-available/default"
> because Cisco does not use any realms when sends its packets to the RADIUS.

  I talked about realms because I wanted to talk about realms.

> I think it's needed "expanding of my task boundaries" :-) I want to make
> Cisco
> devices authenticate users when ther enter the device via telnet/ssh. It
> would
> be three-stage procedure:
> - Windows DC if IAS (Microsoft RADIUS) is accessible;
> - if no - RADIUS local DB if it is accessible;
> - if no - Cisco's local DB (NAS local authentication).
> 
> So If I correctly understood I need to use "authenticate" section.

  No.  My example was correct.

> But what is further I don't clearly imagine. I guess when Access-Request
> is incoming,
> RADIUS in accordance with suggested scheme must change realm of request and
> continue process packet with new conditions, is it right?

  No.  My example was correct.

> I must define new realm, for example "ias", and I must define
> home-server for it,
> do I?

  That's the only thing you got right.

  Alan DeKok.