Great, thanks to everyone who made suggestions, I'm going to go ahead
and implement according to Alan's suggestion because of the amount of
seperation that it gives and it seems the best way of acheiving this.
One other point, if we are using a an sql backend then the radiusd
process would
Hi,
Do you mean I could seperate users from different realms into different
database tables? Is this what it means my using schemas? So rather
than have one users table, I can have many different tables with users
from different realms? And allow customers access to only the user
table
Alan DeKok wrote:
You would be better of having the customers manage their own RADIUS
servers, and having you just proxy to those servers.
If the customers don't want to manage their own servers, you can
still have a server locally, per-customer. That way, you can give
each customer limited
a schema is a set of tables within a database.
you can have identical table structure and names in each schema.
you would need to fully specify the tables when referring to them.
not 'users' , which is really 'public.users' ,
but for customer foo you could have 'foo.users' and customer baz
Maqbool Hashim [EMAIL PROTECTED] wrote:
Ok so the way this would work is to have an instance of the radiusd
program running for every customer. Just point it at the right
configuration files for the customer and bind it to a different port for
each customer.Then give the customer
I'd like to know if it is possible to allow external customers limited
access to add users to our RADIUS configuration. We manage many
firewalls for different customers. VPN users on the firewalls can be
authenticated via our Freeradius server. So when another VPN needs to
be setup on the
Maqbool Hashim [EMAIL PROTECTED] wrote:
I'd like to know if it is possible to allow external customers limited
access to add users to our RADIUS configuration.
Yes, but it's probably a bad idea.
Is this possible? I know this will involve realms, but how can we get
the customer to update
at the database level you can create a database user and GRANT them
rights on the users table. That would, howeer, allow them to mess
with users of other external customrs. If you tag vpn users so you
can identify to whom the user belongs, you can use an application
which authenticates the
8 matches
Mail list logo