at the database level you can create a database user and GRANT them rights on the users table. That would, howeer, allow them to mess with users of other external customrs. If you tag vpn users so you can identify to whom the user belongs, you can use an application which authenticates the customer and allows control only over custoers tagged appreioately. Anohter possibilty I suppose would be a per-customer schema over whcih ty have rights but otherc customer's users are in their own respetive schemas and unafected. this would irequire ajdustments on the user auth side, you'd need to add explicit schema support.
On Wed, 25 Aug 2004, Maqbool Hashim wrote: > I'd like to know if it is possible to allow external customers limited > access to add users to our RADIUS configuration. We manage many > firewalls for different customers. VPN users on the firewalls can be > authenticated via our Freeradius server. So when another VPN needs to > be setup on the firewall, we add a user into the users file or the SQL > table. Is it possible to for us to allow customers to be able to add > users to the SQL table, without these users being authenticated for all > of the other customers firewalls? > > So we want customer A to be able to add users which are to be > authenticated on Firewall A without, these users being able to be > authenticated on Firewalls B, C and D. > > Is this possible? I know this will involve realms, but how can we get > the customer to update the RADIUS configuration without giving them too > much access to the RADIUS files? > > Has anyone got a similar setup or know how this can be achieved? > > Regards > > Maqbool > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
