help-gnu-radius

Re: [Help-gnu-radius] About proxying (fwd)


From: Maurice Makaay
Subject: Re: [Help-gnu-radius] About proxying (fwd)
Date: Mon, 24 Nov 2003 12:33:47 +0100

Hi,

> I thought that in clients-file you can only list the nas-clients that make 
> authentication requests? So do I only put the ip-address of the remote 
> Radius and the shared key there? Do I also have to define something to 
> client.conf and naslist files about the remote Radius?

No, that wouldn't be necessary. The client.conf is only used by radius
client applications for gnu-radius (radauth). It's not used by the radius
server. You do not have to edit the naslist. The only real reason to edit
that list is if you want to communicate with the NAS via snmp to find out
if a certain user is still online or not. NAS auth requests will work, even
without a naslist entry.

I agree that one would suspect the existence of a "servers" file, because
in proxying your server is a client, but using two separate files for 
setting secrets would be superfluous. Just pretend the "clients" file 
is called "radiussecrets" and things will get much clearer.

> And what about the users-file? If I want to authenticate for example 
> address@hidden with remote Radius, do I have to add this user also to the 
> users-file of the local Radius? And can I add to the local 
> Radius the Service-Type and Cisco-av-pair of the user? Or do I have to
> define this cisco-av-pair to remote Radius?

In case you login using @whatever, the complete request will be proxied
to the remote radius. The local users file will be completely ignored.
The local server will just send the authentication attributes to the
remote server and return all attributes it gets back from that server
to the NAS (so it's really a proxy in the basic understanding of the word). 

> And thank you a lot!!

You're welcome.

Regards,

-- Maurice Makaay
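
Added example, not part of the message above and not GNU Radius code: a small check that every remote server a realm is proxied to also has a shared secret in the "clients" file, which is the point the reply makes about proxying. The file layouts (`host secret` for clients, `realm server[:auth-port[:acct-port]]` for a realms file), the addresses and the secrets are assumptions constructed for illustration.

```python
# Added example: lint a proxy setup for remote servers with no shared secret.
# Assumed layouts (not taken from the message):
#   clients: "<host-or-ip> <secret>"
#   realms:  "<realm> <server>[:auth-port[:acct-port]][,<server>...]"

def _records(text):
    """Yield the whitespace-split fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def parse_clients(text):
    """Map host -> shared secret, for NASes and remote servers alike."""
    return {f[0]: f[1] for f in _records(text) if len(f) >= 2}

def parse_realms(text):
    """Map realm -> list of remote server hosts, with port suffixes stripped."""
    realms = {}
    for f in _records(text):
        if len(f) >= 2:
            realms[f[0]] = [s.split(":", 1)[0] for s in f[1].split(",") if s]
    return realms

def missing_secrets(clients_text, realms_text):
    """Return (realm, host) pairs whose remote server has no clients entry."""
    clients = parse_clients(clients_text)
    return sorted(
        (realm, host)
        for realm, hosts in parse_realms(realms_text).items()
        for host in hosts
        if host not in clients  # exact match only; no DNS or CIDR handling
    )

# Constructed sample data (documentation address ranges, placeholder secrets).
CLIENTS = """
# NAS that sends requests to this server
192.0.2.10    nas-secret-placeholder
# remote RADIUS that this server proxies to
198.51.100.5  proxy-secret-placeholder
"""
REALMS = """
example.net  198.51.100.5:1812:1813
example.org  203.0.113.7
"""

if __name__ == "__main__":
    for realm, host in missing_secrets(CLIENTS, REALMS):
        print(f"realm {realm}: no shared secret for {host} in clients")
```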



