Hi,

Do you mean I could separate users from different realms into different database tables? Is this what it means by using schemas? So rather than have one users table, I can have many different tables with users from different realms? And allow customers access to only the user table which applies to their firewall?



Dana Hudes wrote:

At the database level you can create a database user and GRANT them rights on the users table. That would, however, allow them to mess with users of other external customers. If you tag VPN users so you can identify to whom the user belongs, you can use an application which authenticates the customer and allows control only over customers tagged appropriately. Another possibility, I suppose, would be a per-customer schema over which they have rights, but other customers' users are in their own respective schemas and unaffected. This would require adjustments on the user auth side; you'd need to add explicit schema support.



On Wed, 25 Aug 2004, Maqbool Hashim wrote:



I'd like to know if it is possible to allow external customers limited access to add users to our RADIUS configuration. We manage many firewalls for different customers. VPN users on the firewalls can be authenticated via our Freeradius server. So when another VPN needs to be set up on the firewall, we add a user into the users file or the SQL table. Is it possible for us to allow customers to be able to add users to the SQL table, without these users being authenticated for all of the other customers' firewalls?

So we want customer A to be able to add users which are to be authenticated on Firewall A, without these users being able to be authenticated on Firewalls B, C and D.

Is this possible? I know this will involve realms, but how can we get the customer to update the RADIUS configuration without giving them too much access to the RADIUS files?

Has anyone got a similar setup or know how this can be achieved?

Regards

Maqbool

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
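
The tagging approach described in the thread, sketched as an added example that is not part of the original messages and is not FreeRADIUS code: a small mediation layer in Python over SQLite. The `customer` column on `radcheck`, the `nas_owner` table, the function names and all sample values are assumptions made for illustration.

```python
import sqlite3

def open_db():
    """In-memory stand-in for the RADIUS SQL database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        -- radcheck with a hypothetical 'customer' tag column added
        CREATE TABLE radcheck (
            username TEXT NOT NULL, attribute TEXT NOT NULL,
            op TEXT NOT NULL, value TEXT NOT NULL, customer TEXT NOT NULL,
            UNIQUE (username, attribute, customer));
        -- hypothetical mapping: which customer owns which firewall (NAS)
        CREATE TABLE nas_owner (nas_ip TEXT PRIMARY KEY, customer TEXT NOT NULL);
        INSERT INTO nas_owner VALUES ('192.0.2.1', 'custA'), ('192.0.2.2', 'custB');
    """)
    return db

def add_vpn_user(db, session_customer, username, password):
    """Called by the customer-facing application after it has authenticated
    the customer. The tag comes from the session, never from the request."""
    db.execute(
        "INSERT INTO radcheck (username, attribute, op, value, customer) "
        "VALUES (?, 'Cleartext-Password', ':=', ?, ?)",
        (username, password, session_customer))
    db.commit()

def delete_vpn_user(db, session_customer, username):
    """Deletes only rows carrying the caller's tag; returns rows removed."""
    cur = db.execute(
        "DELETE FROM radcheck WHERE username = ? AND customer = ?",
        (username, session_customer))
    db.commit()
    return cur.rowcount

def check_items(db, nas_ip, username):
    """Authorize-side lookup: only rows tagged for the owner of the
    firewall that sent the request are returned."""
    return db.execute(
        "SELECT r.attribute, r.op, r.value FROM radcheck r "
        "JOIN nas_owner n ON n.customer = r.customer "
        "WHERE n.nas_ip = ? AND r.username = ?",
        (nas_ip, username)).fetchall()
```

The customer never receives database credentials; only the application account touches the table, and every statement it issues is constrained by the tag.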



