Join 3,416 readers in helping fund MetaFilter (Hide)


RADIUS without realms?
November 14, 2007 9:15 AM   Subscribe

RADIUS without realms?

I have been searching for a solution to this, to no avail. We are using RADIUS to authenticate users for network access using login name/password and @realm.

I would like to do away from the @realm completely, however we use two different RADIUS servers. Which server a user authenticate is currently determined by a RADIUS proxy server using the users @realm.

Is there a way to forward RADIUS requests to the appropriate RADIUS server based on the client IP address?

Or is there a way for a RADIUS proxy to query one server, and not getting a positive response, then query the other server?
posted by doomtop to Computers & Internet (3 answers total)
 
All of that is possible, sure.

Download FreeRADIUS. I'm pretty sure its configuration file can handle what you described. (Disclosure: I worked on that project for several months, about 10 years ago. Yay, Free software!)

OTOH, why do you want to get rid of the realm-qualification? You have a good reason, right?
posted by cmiller at 1:05 PM on November 14, 2007


I have a good reason. I have been reading FreeRADIUS documentation and could not see any provisioning for this type of setup.
posted by doomtop at 7:10 AM on November 15, 2007


It's there. I've done something very similar myself, for a few hundred RADIUS clients and 20 or so realms.

It's not a single LikeDoomtopWantsIt configuration flag. You have to put a few pieces together.
posted by cmiller at 10:17 AM on November 15, 2007


« Older I'm a post-Ph.D. (not computer...   |  Can I apply for a full-time po... Newer »
This thread is closed to new comments.