Re: limiting Access rights for Remote user by Proxying Radius Server
On Fri, 7 Jan 2005, Cool Man wrote: > Hi , > > My question is how can we send a certain attribute to > NAS based on some information or reply from Remote > Radius server. > > My set up looks like > > > (NAS)<-->(Local Radius)<--->(Remote Radius) > > Now if I proxy an authentication request to Remote > radius server it looks verfies the user and by looking > into a certain huntgroup attributes, it sends back > some information about the user to local radius > sever. now by viewing these attributes coming from > remote radius server local server will decide that > which VLAN is assigned to the user. > > The VLAn is managed by Local domain so we cannot > communicate the VLANs to remote radius server. > > Is this pssoble What I have described. If possible, > how? > > Any idea any suggestion will be appreciated alot. > > Thanks. > Raza. > Check out doc/rlm_attr_filter. If you are deciding on the vlan based on a realm, then this is probably what you want. Otherwise, you may want to look at calling an external program in the post_proxy section. You could use the exec module for that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
limiting Access rights for Remote user by Proxying Radius Server
Hi , My question is how can we send a certain attribute to NAS based on some information or reply from Remote Radius server. My set up looks like (NAS)<-->(Local Radius)<--->(Remote Radius) Now if I proxy an authentication request to Remote radius server it looks verfies the user and by looking into a certain huntgroup attributes, it sends back some information about the user to local radius sever. now by viewing these attributes coming from remote radius server local server will decide that which VLAN is assigned to the user. The VLAn is managed by Local domain so we cannot communicate the VLANs to remote radius server. Is this pssoble What I have described. If possible, how? Any idea any suggestion will be appreciated alot. Thanks. Raza. --- Robert Ulbrich <[EMAIL PROTECTED]> wrote: > Hi all, > > I am sure I saw somebody ask this recently, but I > cannot find it. How > can I setup radius to accept all requests from a > particular NAS, based > on the NAS ip address? > > AtDhVaAnNkCsE, > > Robert Ulbrich > Dynamic Information Systems > 1700 George Bush East Ste. 200 > College Station, TX 77840 > (979) 695-6463 > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying Radius server
On Wed, Sep 08, 2004 at 02:43:34AM -0700, Cool Man wrote: So, use the 'nostrip' option in the realm configuration. > Hi , > > I am using freeradius 1.0.0 for proxying pupose. > > I have seen a small problem with my proxy test. I have a radius server acting as > proxy which forwards the packets to another radius server. Further, I have also > enabled proxying on second radius server. > > > Client --(Proxy radius > server)(Radius Server). > > Now my problem is when I enter the user name like [EMAIL PROTECTED] the proxy radius > server Strippes of the realm while forwarding the packets to actuall radius server. > > I see this problem because if the actuall radius server need to decide wether it > should forward the user credential to another server then the realm information is > not there. > > This is similar like hop by hop forwarding the request to radius server untill it > finds the desired one. > > Could anyone explain this and explain why freeradius strippes of the realm from > username while forwarding the request to another server. > > Thanks > Raza. > > > - > Do you Yahoo!? > New and Improved Yahoo! Mail - 100MB free storage! -- Kostas Zorbadelos Systems Developer, Otenet SA mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxying Radius server
Hi , I am using freeradius 1.0.0 for proxying pupose. I have seen a small problem with my proxy test. I have a radius server acting as proxy which forwards the packets to another radius server. Further, I have also enabled proxying on second radius server. Client --(Proxy radius server)(Radius Server). Now my problem is when I enter the user name like [EMAIL PROTECTED]. the proxy radius server Strippes of the realm while forwarding the packets to actuall radius server. I see this problem because if the actuall radius server need to decide wether it should forward the user credential to another server then the realm information is not there. This is similar like hop by hop forwarding the request to radius server untill it finds the desired one. Could anyone explain this and explain why freeradius strippes of the realm from username while forwarding the request to another server. Thanks Raza. Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage!
