Gerry Gysbers <[EMAIL PROTECTED]> wrote: > > A vendor has expressed interest in providing dial-up access for our > institution. They would provide their own proxy-radius server, which > would then talk to our radius server (not installed yet), for > authentication. Our radius server would need to cut log records (session > times) and authenticate against an existing NT domain. Is FreeRADIUS an > appropriate product to use for this scenario (we'd use the latest > version - 0.9.3)?
Yes. The rlm_smb module can be used. But grab the module from the CVS head, as the one in 0.9.3 has a security flaw. The module can currently only authenticate PAP against an NT domain. So if people log in with CHAP or MS-CHAP, it won't work. > Ideally, we'd like to run the server under Solaris. Not a problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html