RADIUS without realms?
November 14, 2007 9:15 AM
I have been searching for a solution to this, to no avail. We are using RADIUS to authenticate users for network access using login name/password and @realm.
I would like to do away with the @realm completely; however, we use two different RADIUS servers. Which server a user authenticates against is currently determined by a RADIUS proxy server using the user's @realm.
Is there a way to forward RADIUS requests to the appropriate RADIUS server based on the client IP address?
Or is there a way for a RADIUS proxy to query one server, and not getting a positive response, then query the other server?
Response by poster: I have a good reason. I have been reading FreeRADIUS documentation and could not see any provisioning for this type of setup.
posted by doomtop at 7:10 AM on November 15, 2007
It's there. I've done something very similar myself, for a few hundred RADIUS clients and 20 or so realms.
It's not a single LikeDoomtopWantsIt configuration flag. You have to put a few pieces together.
posted by cmiller at 10:17 AM on November 15, 2007
Download FreeRADIUS. I'm pretty sure its configuration file can handle what you described. (Disclosure: I worked on that project for several months, about 10 years ago. Yay, Free software!)
OTOH, why do you want to get rid of the realm-qualification? You have a good reason, right?
posted by cmiller at 1:05 PM on November 14, 2007
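
One way the pieces can fit together for the first option in the question (choosing the home server by the address of the RADIUS client that sent the request), as an added example that is not from the thread or from the FreeRADIUS project. It assumes FreeRADIUS 2.x/3.x configuration syntax; every realm, pool and server name, address and secret below is a constructed placeholder.

```conf
# --- proxy.conf (constructed example; names, addresses, secrets are placeholders) ---
home_server hs_site_a {
    type   = auth
    ipaddr = 192.0.2.11
    port   = 1812
    secret = CHANGE_ME_A
}
home_server hs_site_b {
    type   = auth
    ipaddr = 192.0.2.12
    port   = 1812
    secret = CHANGE_ME_B
}
# A fail-over pool only moves to another home server when one stops
# responding. An Access-Reject is a final answer and is not retried elsewhere.
home_server_pool pool_site_a {
    type        = fail-over
    home_server = hs_site_a
}
home_server_pool pool_site_b {
    type        = fail-over
    home_server = hs_site_b
}
# Internal realm names used only for routing; users never type them.
realm site_a {
    auth_pool = pool_site_a
    nostrip
}
realm site_b {
    auth_pool = pool_site_b
    nostrip
}

# --- sites-enabled/default, inside authorize { ... } ---
# Route on the source address of the RADIUS client (NAS) that sent the request.
# Each NAS must also be defined, with its own secret, in clients.conf.
if (Packet-Src-IP-Address == 198.51.100.10) {
    update control {
        Proxy-To-Realm := "site_a"
    }
}
elsif (Packet-Src-IP-Address == 198.51.100.20) {
    update control {
        Proxy-To-Realm := "site_b"
    }
}
else {
    reject    # unknown NAS: refuse rather than guess a home server
}
```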