[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Help-gnu-radius] Failthru proxying?
From: |
Frank Matthias |
Subject: |
RE: [Help-gnu-radius] Failthru proxying? |
Date: |
Thu, 11 Jul 2002 09:00:55 +0200 |
Hi,
I had a similar problem some time ago.
I solved this with help of PAM.
raddb/users:
DEFAULT Auth-Type = Pam,
Pam-Auth = radius
Service-Type = Login
...
user Auth-Type = Local,
Password = "xxx"
Service-Type = Framed,
Framed-Protocol = PPP,
/etc/pam.conf
radius account required /usr/lib/security/pam_permit.so
radius auth required /usr/lib/security/pam_radius_auth.so
/etc/raddb/server:
1.1.1.1:1645 secret 3
1.1.1.2:1645 secret 3
Your problem seems a little bit diffrent, but I think with the right
PAM configuration, you can solve it.
Good luck
Matthias
> -----Original Message-----
> From: Scott Call [mailto:address@hidden
> Sent: Wednesday, July 10, 2002 7:34 PM
> To: Cornel Cristea
> Cc: address@hidden
> Subject: Re: [Help-gnu-radius] Failthru proxying?
>
>
> This would work assume I had control of both Radius servers, which I
> don't.
>
>
> What I need is more like:
>
> DEFAULT Auth-Type = Local,
> Password-Location = SQL
> Fall-Through
>
> DEFAULT Next-Server = xxx.xxx.xxx.xxx
>
> or something like that, so when it fails it tries the next server down
> the line.
>
> Thanks
> -Scott
>
>
> On Tue, 2002-07-09 at 01:45, Cornel Cristea wrote:
> > Hi
> >
> > I was searching something like that but I didn't find anything.
> > So I thought that a feature like in tacacs -
> > IF user_not_fount THEN do
> > stay quiet (do not send reject nor ack ...)
> > will help, having 2 or more radius server configured on NAS-es
> >
> > Did someone encountered this situation ?
> >
> > Cornel Cristea
> >
> >
> > ----- Original Message -----
> > From: "Scott Call" <address@hidden>
> > To: <address@hidden>
> > Sent: Wednesday, July 03, 2002 10:15 PM
> > Subject: [Help-gnu-radius] Failthru proxying?
> >
> >
> > > Hello!
> > >
> > > I've been tasked with converting our ancient Livingston
> Radius based
> > > AAA system to something a bit more modern.
> > >
> > > I've gotten GNU-Radius up and running, coverted my users
> file to SQL
> > > and gotten everything working that way.
> > >
> > > My question is, and I've searched the docs and the
> mailing list and
> > > can't find the answer to my specific boggle so I figured
> I would ask all
> > > you fine folks.
> > >
> > > Can GNU-Radius to fail-through authentication? ie if
> auth fails on the
> > > local server can it then proxy to another radius server?
> I know I can
> > > do this with realms but what I'm really looking for is a
> query that
> > > looks like:
> > >
> > > If (Radius Username = Caller's Username) AND (Radius Password =
> > > Caller's Password) then success
> > > else proxy to other server.
> > >
> > > Can this be done?
> > >
> > > many thanks
> > > -Scott
> > > --
> > > Scott Call Router Geek, ATGi, home of $6.95 Prime Rib
> > > "...Everything's going to be just great again!"
> > >
> > >
> > > _______________________________________________
> > > Help-gnu-radius mailing list
> > > address@hidden
> > > http://mail.gnu.org/mailman/listinfo/help-gnu-radius
> > >
> >
> >
> > _______________________________________________
> > Help-gnu-radius mailing list
> > address@hidden
> > http://mail.gnu.org/mailman/listinfo/help-gnu-radius
> --
> Scott Call Router Geek, ATGi, home of $6.95 Prime Rib
> "...Everything's going to be just great again!"
>
>
> _______________________________________________
> Help-gnu-radius mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/help-gnu-radius
>