Alan -- Thanks for the help. One further bit of clarification --
the Providers A, B, C each have about 10-20 proxy boxes. I would prefer to define them as classes of proxies rather than have to set up individual profiles in the 'users' file. Is there any reasonable way to do this, or am I really stuck putting a users entry for each proxy box? Regards, Dave ===================================================================== David C. Troy [[EMAIL PROTECTED]] 410-544-6193 Sales ToadNet - Want to go fast? 410-544-1329 FAX 570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net On Fri, 5 Jul 2002, Alan DeKok wrote: > "David C. Troy" <[EMAIL PROTECTED]> wrote: > > I have the following situation -- > > > > 1) Provider A uses PAP and doesn't want Ascend-Data-Filters > > 2) Provider B uses PAP and DOES want Ascend-Data-Filters > > 3) Provider C uses CHAP and doen't want Ascend-Data-Filters > > 4) They all want to use ports 1645/1646 > > > > Everything is authenticated from a central MySQL database where I store > > both crypted and plaintext passwords, where needed. > > > > Is it possible to support all four of the above conditions in a single > > instance of freeradius? > > I don't see why not. > > > I would prefer to have the three machines have an identical configuration > > and use them for backup to each other, but I am not sure how I could go > > about differentiating between the three different providers; maybe place > > some directives in the clients.conf file? > > No, that won't help. > > > Some comments: > > - all using 1645/1646 is fine. FreeRADIUS will do that. > > - using PAP/CHAP is unimportant. FreeRADIUS will authenticate > whatever comes in the RADIUS request. > > - if you want to FORCE the use of PAP or CHAP, that's a bit harder, > but I don't see why it would be useful, or necessary. > > > So you're left with the problem of getting Ascend-Data-Filters to > two providers, but not the third. The answer is to find out what > distinguishes the provider A/C packets from provider B. Once you > know that, the answer is easy. > > If A/C come from client-A/client-C, and B comes from client-B, then > you can do in the 'users' file: > > DEFAULT Client-IP-Address == client-A > Ascend-Data-Filters... > Fall-Through = Yes > > DEFAULT Client-IP-Address == client-C > Ascend-Data-Filters... > Fall-Through = Yes > > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html