FreeRADIUS 3.0.1 [Proxy To Another Radius if Reject Received]
Ibrahim Almahfooz
ibrahim.nezar at gorannet.net
Mon Jul 11 16:56:41 CEST 2016
>>My simple answer is "don't do that". Your design is wrong.
>>There is no security gained by hiding RADIUS 2 from the BRAS, or by
hiding database 2 from RADIUS 1.
Thank you Alan for your answer however I will be waiting for Stefan help
regarding the other method. We need such a setup to be implemented
temporary for two-three months then we will remove it.
On 11 July 2016 at 16:07, Alan DeKok <aland at deployingradius.com> wrote:
> On Jul 11, 2016, at 7:52 AM, Ibrahim Almahfooz via Freeradius-Users <
> freeradius-users at lists.freeradius.org> wrote:
> > The purpose behind that is as you said the secondary DB is not allowed to
> > be accessed by the first FR and vice versa. In addition to that, the
> > secondary radius should not be facing our BRAS network for security
> > reasons.
>
> My simple answer is "don't do that". Your design is wrong.
>
> There is no security gained by hiding RADIUS 2 from the BRAS, or by
> hiding database 2 from RADIUS 1.
>
> Alan DeKok.
>
>
--
More information about the Freeradius-Users
mailing list