Hi, I know there're at least 10 ways to do this but wonder which is the best one, so I ask. I'm (still) in the process of replacing a Cisco ACS with freeradius on debian woody with a mysql-backend. The dial-up-part with static users is done & running great; thanks for freeradius !
Anyway, I've also RSA ACE SecurID users in my ACS which I need to send to the ACE-server (speaking RADIUS) for authentication; this also works fine with a realm (@ace) for testing but my problem is, that this means telling several hundred users to append @ace to their username. Now, thinking about two ways: 1. Proxy-To-Realm based on Huntgroup, disadavantage: - not database driven - I remember to have read from Alan that Proxy-To-Realm is not recommended somehow - getting quite complicated, I need to implement complex NAS/Client/Port-restrictions which I'd prefer to be done in freeradius with checkval's from the database (it'd be no problem to import ACE-users into radius-tables) 2. using a separte AUTH-TYPE but I haven't completely understood how to implement this anybody with a great hint on how to solve this the most flexible way ? the ACE-server running it's own crappy but working Radius should be limited to authenticate user/passcode only, any checks and replys should get filled by freeradius - preferably database driven.. TIA Michael - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html