Scott Lambert <[EMAIL PROTECTED]> wrote: > I've been using GNU-RADIUS and asked this question on the GNU-RADIUS > list last week but didn't get any responses.
They haven't had a release for 2 years now... > I need to merge dial-up numbers and bring the DSL aggregation together > in order to reduce costs. That means, I will have potentially three > users with the username of "bob" trying to login on the same NAS box > with no way to tell which one they are other than the password the user > supplies. The NAS address and everything else I can think of will be > the same for all users. (we lack caller-id features). Yuck. > Is it possible to setup radius to authenticate these users? I'm willing > to switch RADIUS servers if someone has a nifty module that makes magic > happen. If your users are in LDAP, it's actually pretty easy, so long as they're all doing PAP authentication. FreeRADIUS has the ability to run multiple modules, depending on the return codes from a module. See doc/configurable_failover. The short answer is that if you have 3 LDAP databases, you can do something like: authenticate { ... Auth-Type any_is_ok { ldap1 { reject = 1 notfound = 2 ok = return } ldap2 { reject = 1 notfound = 2 ok = return } ldap3 } ... } This says "if they're not found in LDAP1, or if their password is wrong, try LDAP2, or try LDAP3". If your users aren't in LDAP, the same kind of thing can be done with another module, but it's a little more work. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html