I have searched, but did not find what I was looking for, so I am trying to do my own flowchart of the process. Below is a written-up flow that I want to try to convert to a graphical one. Can I please get some feedback on whether this is not only the way it really works, but also whether it is accurate?
If someone has something like this I would be very grateful if you would pass it along to me. Just remember plagiarism is the greatest form of flattery (I would give you credit either way if you wanted). Thanks.

========================================

1. Request comes in (example)
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "Password"
        NAS-IP-Address = 192.168.224.36
        Service-Type = Login-User
        Framed-IP-Address = 198.168.225.72
        Called-Station-Id = "00:07:E9:D1:8F:C2"
        Calling-Station-Id = "00:40:96:a7:00:14"
        NAS-Identifier = "box.lab"
        Acct-Session-Id = "00:07:E9:D1:8F:C2:117165661771"
        NAS-Port-Type = Wireless-802.11

2. Looks in the authorize section of radius.conf
   ## authorize actually means is this request authorized to authenticate
   ## (does it match rules)
        preprocess      ## This looks at the following files to add/correlate
                        ## the request to rules defined in later modules.
                huntgroups      ## Matches based on NAS
                hints           ## Matches on user
        auth_log        ## This defines where the log will be
        suffix          ## Defined as delimiter for proxying
                realms          ## Finds realm (if listed, if so will be used
                                ## starting in preproxy_users
        eap             ## Set to define and perform EAP authentication (if in
                        ## request)
        files           ## Looks at the following files:
                users           ## Used to decide how to AuthZ and AuthN
                                ## users. Check items, if matched will
                                ## add reply info to NAS
                                ## if no specific match, will match
                                ## DEFAULT
                                ## User could move to
                acct_users      ## Same as users file but for accounting.
   !!!***!!! If there is no realm defined at this part, it will
                preproxy_users  ## Matches like users, but reply items
                                ## added to proxied request to new NAS
        pre_proxy_log   ## Allows you to log the pre-proxied
                        ## request

3. Sends proxy request to radius server listed in proxy.conf if it did find a realm match (based on suffix/px....

4. Receives reply
   a. Looks at post_proxy
        post_proxy_log  ## Logs post proxy info if enabled
        attr_filter     ## Allows you to filter what the proxied
                        ## server sends back to NAS

5. Sends Accept/Deny to NAS (with all attributes added or filtered)

6. Accounting ----

--
Walt Reynolds
Principle Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438
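
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of steps 2 to 4 above (suffix realm split, proxy-or-local decision, allowlist filter on the proxied reply). The realm table, the allowlist, the sample request and all function names are constructed for illustration, and treating an unknown realm as local is an assumption of the model.

```python
# Simplified model of steps 2-4 of the flow above; not FreeRADIUS code.
import re

# Constructed stand-in for proxy.conf: realm -> home server (hypothetical names).
REALMS = {"example.org": "radius1.example.org:1812"}
# Constructed stand-in for an attr_filter allowlist applied to proxied replies.
REPLY_ALLOW = {"Reply-Message", "Session-Timeout", "Idle-Timeout"}

ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_request(text):
    """Parse 'Attribute = value' lines into a dict, skipping anything else."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def split_realm(user_name, delimiter="@"):
    """Suffix-style split on the last delimiter: returns (user, realm or None)."""
    user, sep, realm = user_name.rpartition(delimiter)
    if not sep or not user or not realm:
        return user_name, None  # no realm present, or one side is empty
    return user, realm.lower()

def route(attrs):
    """Return ('proxy', home_server) for a known realm, else ('local', None)."""
    _, realm = split_realm(attrs.get("User-Name", ""))
    if realm in REALMS:
        return "proxy", REALMS[realm]
    return "local", None  # assumption: unknown or missing realm is handled locally

def filter_reply(reply):
    """Keep only allowlisted attributes from the home server's reply."""
    return {k: v for k, v in reply.items() if k in REPLY_ALLOW}

# Constructed sample request in the same format as the example in the post.
SAMPLE = '''
User-Name = "alice@example.org"
NAS-IP-Address = 192.168.224.36
NAS-Port-Type = Wireless-802.11
'''

if __name__ == "__main__":
    print(route(parse_request(SAMPLE)))
    print(filter_reply({"Reply-Message": "ok", "Framed-IP-Address": "10.0.0.5"}))
```

The allowlist in filter_reply is the security-relevant part: a proxied reply is data from another server, so only attributes the local policy expects are passed on to the NAS.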