i am afraid i just dont understand enough about how all the pieces work together.
and i cant get anything that spells it out. i have looked at RFCs, gnu radius docs, bought oreilley book, scoured the web... even tried looking at modules/source code. modules, authorize vs authenticate, fall-through, request list vs reply list, how things must match, the various operators (:=, +=, etc) nothing i have seen succinctly lays it out, just bits/pieces. what i really need is a flowchart of how freeradius works. (complicated beast) > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Alan DeKok > Sent: Tuesday, November 02, 2004 3:23 PM > To: [EMAIL PROTECTED] > Subject: Re: FR help > > > "Roy G Davis" <[EMAIL PROTECTED]> wrote: > > i have several NAS boxes all PIX firewalls. i want to be able to > > restrict access by NAS IP address, Calling Station Id. i have a > > campus LDAP server i want to use for authentication except > for certain > > exceptions that will be maintained locally inside mysql db. i also > > want to return certain ACLs. i think i would prefer > 'groups' for each > > NAS/pix. > > Your configuration is complicated enough that configuring > ANY radius server will be complicated and time-consuming. > > My suggestion is to write down all of your requirements in > detail. Draw a little flowchart showing what you expect to > see in a RADIUS packet, and what kind of decisions the server > is supposed to make. That work will be necessary for any > RADIUS server you use. > > Once you've done that, configure the server in small stage. > Don't bother trying to get everything working all at once, > that will result in you wasting your time. Configure one > small piece, test it, and move onto the next. > > With that methodology, it's possible to get complex > configurations working very quickly. > > Alan DeKok. > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
