Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails
Sergio NNX
sfhacker at hotmail.com
Tue Oct 11 09:07:20 CEST 2011
Are we in a bad mood?
> Date: Tue, 11 Oct 2011 08:46:28 +0200
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails
>
> Яцко Эллад Геннадьевич (ngs) wrote:
> > I am beginner in RADIUS. I guessed you talked about
> > "sites-available/default"
> > because Cisco does not use any realms when sends its packets to the RADIUS.
>
> I talked about realms because I wanted to talk about realms.
>
> > I think it's needed "expanding of my task boundaries" :-) I want to make
> > Cisco
> > devices authenticate users when ther enter the device via telnet/ssh. It
> > would
> > be three-stage procedure:
> > - Windows DC if IAS (Microsoft RADIUS) is accessible;
> > - if no - RADIUS local DB if it is accessible;
> > - if no - Cisco's local DB (NAS local authentication).
> >
> > So If I correctly understood I need to use "authenticate" section.
>
> No. My example was correct.
>
> > But what is further I don't clearly imagine. I guess when Access-Request
> > is incoming,
> > RADIUS in accordance with suggested scheme must change realm of request and
> > continue process packet with new conditions, is it right?
>
> No. My example was correct.
>
> > I must define new realm, for example "ias", and I must define
> > home-server for it,
> > do I?
>
> That's the only thing you got right.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111011/bc2f975b/attachment.html>
More information about the Freeradius-Users
mailing list