Re: [Help-gnu-radius] Help to differenciate type of service in a authent


From: Luís Conrado Andrade
Subject: Re: [Help-gnu-radius] Help to differenciate type of service in a authentication request
Date: Fri, 07 Dec 2007 09:57:06 -0200

        Sergey,

        My problem is that I don't have the NAS list. The telephone company
doesn't give me that. They only send me the IP address from their
proxy-radius. So, I have the list of proxies but I don't have the list
of NASes.

        I can't distinguish between broadband and dialup clients based on
REALM, they all use the same realm for my domain.

        That said, I would say that running two copies of radius on the same
machine would solve my problem, since I have broadband clients
authenticating on port 1645 and dialup clients authenticating on port
1812. Is there any problem that I will face doing that? I've tested
radiusd, and I know that this is possible. Will other programs like radwho,
radlast and radzap work?

        Can you give me directions on how to implement the parameter to check
on which port of the radius server the request has arrived?

        Thanks in advance,

                Conrado
        
On Wed, 2007-12-05 at 18:28 +0200, Sergey Poznyakoff wrote:
> Luís Conrado Andrade <address@hidden> wrote:
> 
> >     I've configured gnu-radius to use mysql authentication and used the
> > NAS-ip-address to distinguish between broadband and dialup. This is a
> > problem to me since I have to create a list of all NASes that each
> > resource has.
> 
> It is not necessary, there are at least two ways to avoid it:
> 
> 1. Both raddb/naslist and raddb/clients files allow specifying hosts
> using CIDR notation, e.g.:
> 
> 10.10.0.0/24                    nas-1   as5600  community=public
> 10.10.10.1/255.255.255.224      nas-2   true
> 
> 2. Both files allow the use of the DEFAULT keyword, which will match any NAS not
> otherwise specified in the file.
> 
> >     1- Is there an authentication parameter that indicates from which proxy
> > IP the request arrived?
> 
> The Realm-Name attribute is added to each request *sent* to a remote
> proxy. Proxy replies carry the Proxy-Replied=1 A/V pair. Proxy requests,
> however, are not marked with any special attribute.
>  
> >     2- For historic reasons, DialUP radius requests arrive at port 1812
> > and broadband at port 1645, is there an attribute to identify the port
> > where the request arrived?
> 
> No, there's no such attribute either.  However, both are easy to
> implement.
> 
> Regards,
> Sergey
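
The two host forms quoted in the reply above (prefix length and dotted netmask) plus the DEFAULT fallback, worked through as an added example; this is not code from the thread or from GNU Radius. It assumes explicit entries are checked in file order before DEFAULT and that `#` starts a comment; the sample file and its DEFAULT line are constructed.

```python
import ipaddress

# Constructed sample in the layout quoted above: host, short name, type, optional args.
SAMPLE_NASLIST = """\
# constructed sample, not a real deployment
10.10.0.0/24                    nas-1   as5600  community=public
10.10.10.1/255.255.255.224      nas-2   true
DEFAULT                         other   true
"""

def parse_naslist(text):
    """Return (entries, default); each entry is (network, shortname, type, args)."""
    entries, default = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected host, short name and type")
        host, shortname, nastype, args = fields[0], fields[1], fields[2], fields[3:]
        if host == "DEFAULT":
            # Catch-all for any source not otherwise specified in the file.
            default = (None, shortname, nastype, args)
            continue
        # strict=False accepts a host address with a mask, e.g.
        # 10.10.10.1/255.255.255.224, and normalises it to 10.10.10.0/27.
        network = ipaddress.ip_network(host, strict=False)
        entries.append((network, shortname, nastype, args))
    return entries, default

def match_nas(entries, default, source_ip):
    """Return the entry covering source_ip, the DEFAULT entry, or None."""
    addr = ipaddress.ip_address(source_ip)
    for entry in entries:                     # assumption: first match in file order
        if addr in entry[0]:
            return entry
    return default

if __name__ == "__main__":
    entries, default = parse_naslist(SAMPLE_NASLIST)
    for ip in ("10.10.0.77", "10.10.10.30", "10.10.10.32"):
        print(ip, "->", match_nas(entries, default, ip)[1])
```

A file without a DEFAULT line makes `match_nas` return `None` for uncovered sources, which is the case where a request from an unlisted address has no matching entry.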




