Re: IPv6 + Proxy...
20-Dec-02 at 17:39, Tamer Demir ([EMAIL PROTECTED]) wrote : > At 05:23 PM 12/20/2002, you wrote: > >20-Dec-02 at 17:23, Tamer Demir ([EMAIL PROTECTED]) wrote : > >> I know it looks strange but, In an scenario like this: you are a big > >> company and you have a contract with many smaller companies with their > >own > >> realms. The users which are in this small companies may connect to the > >> Internet by using other small companies' NASes. And in order to solve the > >> accounting conflict between the small companies the big company wants all > >> the data about the authenticating users from all other small companies. > >Big > >> company just will act as a referee. > >> > >> Is this somehow possible by using proxy option in FreeRADIUS, if yes how? > > > >Either all your radius servers are proxies to the big company's radius > >server(s) or you use something like radrelay and just use the accounting > >information (which contains the detail you need) you don't need the > >actual packets that are sent to the user, just the accounting info. > > Unfortunately, What if big company wants all the detailed informations and > also the small companies want all the detailed info too, like MAC address > of the users, the beginning and end time of the connection and the small > company name that the wireless user connected. They get all that, have you looked at an accounting record? -- |-Simon White, Internet Services Manager, Certified Check Point CCSA. |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 + Proxy...
Tamer Demir <[EMAIL PROTECTED]> wrote: > > What do you mean by that? > > I mean, can FreeRADIUS understand the authentication packets that comes > from a client that has an IPv6 IP address(128)? Since we are planning to > use RADIUS in an IPv6 Testbed to authenticate the users. And I answered that in my previous message, in text you deleted. > In an scenario like this: you are a big > company and you have a contract with many smaller companies with their own > realms. The users which are in this small companies may connect to the > Internet by using other small companies' NASes. And in order to solve the > accounting conflict between the small companies the big company wants all > the data about the authenticating users from all other small companies. Big > company just will act as a referee. > > Is this somehow possible by using proxy option in FreeRADIUS, if yes how? No. Use radrelay. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 + Proxy...
At 05:23 PM 12/20/2002, you wrote: 20-Dec-02 at 17:23, Tamer Demir ([EMAIL PROTECTED]) wrote : > I know it looks strange but, In an scenario like this: you are a big > company and you have a contract with many smaller companies with their own > realms. The users which are in this small companies may connect to the > Internet by using other small companies' NASes. And in order to solve the > accounting conflict between the small companies the big company wants all > the data about the authenticating users from all other small companies. Big > company just will act as a referee. > > Is this somehow possible by using proxy option in FreeRADIUS, if yes how? Either all your radius servers are proxies to the big company's radius server(s) or you use something like radrelay and just use the accounting information (which contains the detail you need) you don't need the actual packets that are sent to the user, just the accounting info. Unfortunately, What if big company wants all the detailed informations and also the small companies want all the detailed info too, like MAC address of the users, the beginning and end time of the connection and the small company name that the wireless user connected. Tamer - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 + Proxy...
At 04:05 PM 12/20/2002, you wrote: Tamer Demir <[EMAIL PROTECTED]> wrote: > Is FreeRADIUS IPv6 compatible? What do you mean by that? I mean, can FreeRADIUS understand the authentication packets that comes from a client that has an IPv6 IP address(128)? Since we are planning to use RADIUS in an IPv6 Testbed to authenticate the users. > And, after the authentication of the user I want to send (proxy) the > authentication packets to another FreeRADIUS server, How can I do > that? Why? I know it looks strange but, In an scenario like this: you are a big company and you have a contract with many smaller companies with their own realms. The users which are in this small companies may connect to the Internet by using other small companies' NASes. And in order to solve the accounting conflict between the small companies the big company wants all the data about the authenticating users from all other small companies. Big company just will act as a referee. Is this somehow possible by using proxy option in FreeRADIUS, if yes how? Thanks a lot, Tamer - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 + Proxy...
20-Dec-02 at 17:23, Tamer Demir ([EMAIL PROTECTED]) wrote : > I know it looks strange but, In an scenario like this: you are a big > company and you have a contract with many smaller companies with their own > realms. The users which are in this small companies may connect to the > Internet by using other small companies' NASes. And in order to solve the > accounting conflict between the small companies the big company wants all > the data about the authenticating users from all other small companies. Big > company just will act as a referee. > > Is this somehow possible by using proxy option in FreeRADIUS, if yes how? Either all your radius servers are proxies to the big company's radius server(s) or you use something like radrelay and just use the accounting information (which contains the detail you need) you don't need the actual packets that are sent to the user, just the accounting info. -- |-Simon White, Internet Services Manager, Certified Check Point CCSA. |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 + Proxy...
Tamer Demir <[EMAIL PROTECTED]> wrote: > Is FreeRADIUS IPv6 compatible? What do you mean by that? Does FreeRADIUS send/receive packets on IPv6 interfaces? No. Does FreeRADIUS send/receive radius packets which contain ipv6 configuration attributes? Sort of. As always, patches are welcome. > And, after the authentication of the user I want to send (proxy) the > authentication packets to another FreeRADIUS server, How can I do > that? Why? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html