FreeRADIUS 3.0.1 [Proxy To Another Radius if Reject Received]

Ibrahim Almahfooz ibrahim.nezar at gorannet.net
Mon Jul 11 16:56:41 CEST 2016


>>My simple answer is "don't do that".  Your design is wrong.
>>There is no security gained by hiding RADIUS 2 from the BRAS, or by
hiding database 2 from RADIUS 1.

Thank you Alan for your answer however I will be waiting for Stefan help
regarding the other method. We need such a setup to be implemented
temporary for two-three months then we will remove it.


On 11 July 2016 at 16:07, Alan DeKok <aland at deployingradius.com> wrote:

> On Jul 11, 2016, at 7:52 AM, Ibrahim Almahfooz via Freeradius-Users <
> freeradius-users at lists.freeradius.org> wrote:
> > The purpose behind that is as you said the secondary DB is not allowed to
> > be accessed by the first FR and vice versa. In addition to that, the
> > secondary radius should not be facing our BRAS network for security
> > reasons.
>
>   My simple answer is "don't do that".  Your design is wrong.
>
>   There is no security gained by hiding RADIUS 2 from the BRAS, or by
> hiding database 2 from RADIUS 1.
>
>   Alan DeKok.
>
>


--


More information about the Freeradius-Users mailing list