What I was planning on doing for true virtualization of our whole operation
was to have Merit radius look at different users files depending on what IP
the request is comming from. For example a client checks their e-mail on
domain1.com radius would see that the request is from mail.domain1.com and
look in the domain1 users file. and the same for someone checking their mail
on domain2.com radius would need to see that the ckpasswd request is coming
from the ip that is for mail.domain2.com in order to look in the domain2
users file. That way someone with the same username on domain1 can coexist
with the other person with the same username on domain2.
I have the ckpw-radius from Monte, I am just not having any luck running the
perl. Maybe I'm missing something or another, but I installed IO 1.20 and
Digest-MD5-2.07 wich i got from CPAN. I can could get you the whole list of
compiliation errors If you would like.
Regards,
Gary Stewart
-----Original Message-----
From: Todd at NM Technet [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 22, 1999 10:35 AM
To: Qmail List
Subject: Re: Radius Authentication
gary,
we do pop3 authentication to a heavily hacked version of radius (and the
radiusified checkpasswd on qmail.org should be the one written by monte
miztelfelt ([EMAIL PROTECTED]) here). the perl version works great for us (i
can send out another copy if you're having trouble getting it).
as for the ip binding, i'm not completely clear on the question. the
radius requests will (depending on the operating system and the number of
ip bindings) come from one of the ip addresses on the interface that
routes to the radius server. this is usually determinate (because it has
one interface). if it is not determinate, you can hack the perl to bind
to a specific address (rather than ANY) on that interface (this can happen
with many unices when you have multiple addresses on the same
interface--binding a socket will not always get you the primary one).
if you can write in with a bit more information, i'm sure that what you
are trying to do can be done.
todd underwood
[EMAIL PROTECTED]
On Thu, 22 Jul 1999, Gary Stewart wrote:
> Date: Thu, 22 Jul 1999 10:19:46 -0500
> From: Gary Stewart <[EMAIL PROTECTED]>
> To: Qmail List <[EMAIL PROTECTED]>
> Subject: Radius Authentication
>
> Greets people,
> I once again have a question. What I am trying to do is authenticate from
a
> merit radius server for pop3. The plan is to be hosting a number of
> different domains on our mailserver and have them all authenticate from
> radius(i know redundant ;). There are two problems that I forsee with
this.
> The radius clients file on the radius server looks at the IP of the
> incomming connection, secret, type, and the file to look for. for example
> the lines in clients would go something like this:
>
> #Client Name Key [type] [version] [prefix]
> #---------------- --------------- --------------- --------- --------
> 1.2.3.4 secret type=nas domain1
> 4.3.2.1 secret type=nas domain2
>
> the obsticle I need to cross here is since the radius query would probaby
> only come from the main ip of the mail server we
> 'd only authenticate out of the domain1 users file. Is there a way to bind
a
> radius client to perform queries from a certain IP so that the radius
server
> can distinguish where to look?
>
> But first is first. Where can I find a C checkpasswd that will perform
> radius auth anyway? I've been tinkering with that perl version, but Its
not
> working for me, and would like a C version mainly due to speed anyway.
>
> Much help would be greatly appreciated, if yer not all confused already
=c)
>
> ----------------------------------------------
> Gary Stewart [EMAIL PROTECTED]
> Internet Service Specialist
> Northern Valley Communications
> (888)919-8945 http://www.nvc.net
> ----------------------------------------------
>
>
