Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth fails

Sergio NNX sfhacker at hotmail.com
Tue Oct 11 09:07:20 CEST 2011


Are we in a bad mood?

> Date: Tue, 11 Oct 2011 08:46:28 +0200
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Local Auth if Proxy Auth fails ---OR--- Proxy Auth if Local Auth	fails
> 
> Яцко Эллад Геннадьевич (ngs) wrote:
> > I am beginner in RADIUS. I guessed you talked about 
> > "sites-available/default"
> > because Cisco does not use any realms when sends its packets to the RADIUS.
> 
>   I talked about realms because I wanted to talk about realms.
> 
> > I think it's needed "expanding of my task boundaries" :-) I want to make
> > Cisco
> > devices authenticate users when ther enter the device via telnet/ssh. It
> > would
> > be three-stage procedure:
> > - Windows DC if IAS (Microsoft RADIUS) is accessible;
> > - if no - RADIUS local DB if it is accessible;
> > - if no - Cisco's local DB (NAS local authentication).
> > 
> > So If I correctly understood I need to use "authenticate" section.
> 
>   No.  My example was correct.
> 
> > But what is further I don't clearly imagine. I guess when Access-Request
> > is incoming,
> > RADIUS in accordance with suggested scheme must change realm of request and
> > continue process packet with new conditions, is it right?
> 
>   No.  My example was correct.
> 
> > I must define new realm, for example "ias", and I must define
> > home-server for it,
> > do I?
> 
>   That's the only thing you got right.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111011/bc2f975b/attachment.html>


More information about the Freeradius-Users mailing list