Hi Frédéric - how is beautiful France?

On Fri, 30 Jul 1999, Frédéric GARGULA wrote:
> My old Radius proxy is dead, so I'm building a new one using Radiator.
> 

Excellent idea!

> The old one was running Radius DTC 2.03.
> I didn't find the configuration file, but I found the users file.
> In that file, there is the config for handling tunneling from one of the
> clients.
> 

I presume that all of your equipment is DTC?

> DEFAULT Password = "PROXY", Suffix="@toto.org",
> DTC-AP-Name="ClientWithTunnel"
>         User-Service = 2,
>         DTC-Auth-Allow = "",
>         DTC-Auth-Port = 1812,
>         DTC-Auth-Server = xxx.xxx.xxx.xxx,
>         DTC-Auth-Secret = "topsecret",
>         DTC-Acct-Port = 1813,
>         DTC-Acct-Server = xxx.xxx.xxx.xxx,
>         Tunnel-Type = Tunnel-L2F,
>         Tunnel-Medium-Type = Tunnel-IP,
>         Tunnel-Client-Endpoint = "[EMAIL PROTECTED]",
>         Tunnel-Server-Endpoint = "@toto_example",
>         Tunnel-Password = "yyyyyy"
> 

All of this looks quite straightforward, provided we have the correct radius
dictionary that defines the above attributes. Have you found that?

> 
> My question is : How do I convert that config to suit Radiator ?
> I think I can use a 
> <Realm toto.org>
>         <AuthBy RADIUS>
>                 Host radius.toto.org
>                 AuthPort 1812
>                 AcctPort 1813
>                 Secret topsecret
>         </AuthBy>
> </Realm>
> 
You will not be able to do this with a <Realm toto.org>, as it is
the same in both cases, so I think Handlers would be better in this case.
I will also need to know how your other users are defined, and how they enter
their usernames to verify that my suggestions will work. 

My assumption here is that the tunnel creation is part of the user
authentication - there is another possibility too, which is that the tunnel
creation occurs as a separate transaction before the user is authenticated.
However, based on the two fragments that you have provided it looks to me like
it's part of the user authentication.

# Standard configuration parameters

Foreground
LogStdout
LogDir          .....
DbDir           .....
AuthPort        1812
AcctPort        1813

<Client .....>
        .....
</Client>

# Define a Handler for "ClientWithTunnel"
<Handler DTC-AP-Name="ClientWithTunnel">
        <AuthBy FILE>
                Filename ....
                AddToReply User-Service = 2,
                        DTC-Auth-Allow = "",
                        DTC-Auth-Port = 1812,
                        DTC-Auth-Server = xxx.xxx.xxx.xxx,
                        DTC-Auth-Secret = "topsecret",
                        DTC-Acct-Port = 1813,
                        DTC-Acct-Server = xxx.xxx.xxx.xxx,
                        Tunnel-Type = Tunnel-L2F,
                        Tunnel-Medium-Type = Tunnel-IP,
                        Tunnel-Client-Endpoint = "[EMAIL PROTECTED]",
                        Tunnel-Server-Endpoint = "@toto_example",
                        Tunnel-Password = "yyyyyy"
        </AuthBy>
</Handler>

# Define a Handler for "ClientWithoutTunnel"
<Handler DTC-AP-Name="ClientWithoutTunnel">
        <AuthBy FILE>
                Filename ......
                AddToReply Service-Type = Framed-User,
                        DTC-Auth-Allow = "",
                        DTC-Auth-Port = 1812,
                        DTC-Auth-Server = xxx.xxx.xxx.xxx,
                        DTC-Auth-Secret = "topsecret",
                        DTC-Acct-Port = 1813
        </AuthBy>
</Handler>

> 
> but I have to make the difference between clients that use the tunnel
> and clients that don't use it
> 
> (in the old users file, I have also this :
> 
> DEFAULT Password = "PROXY", Suffix="@toto.org",
> DTC-AP-Name="ClientWithoutTunnel"
>         Service-Type = Framed-User,
>         DTC-Auth-Allow = "",
>         DTC-Auth-Port = 1812,
>         DTC-Auth-Server = xxx.xxx.xxx.xxx,
>         DTC-Auth-Secret = "topsecret",
>         DTC-Acct-Port = 1813,
> )
> 
> How can I handle the tunnel, depending on the client ?
> 

There must be another part of the original configuration (perhaps in the
equipment itself) that generates the DTC-AP-Name check item.

hth

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
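
The conversion discussed in this thread, as an added Python example that is not part of either message and not Radiator's own tooling: it parses legacy users-file entries in the quoted layout and renders each as a Handler selected on DTC-AP-Name, and it lists the reply items that carry credentials. The sample entries are constructed, the function names are hypothetical, the `....` Filename placeholder is kept from the reply, and writing the AddToReply list on one line is a choice made here.

```python
import re

# attr = value pairs; a value is a quoted string or a bare token.
PAIR = re.compile(r'([\w-]+)\s*=\s*("[^"]*"|[^,\s]+)')

# Constructed sample in the layout of the users-file entries quoted above:
# check items on the unindented lines, reply items on the indented ones.
SAMPLE = '''\
DEFAULT Password = "PROXY", Suffix="@toto.org",
DTC-AP-Name="ClientWithTunnel"
        User-Service = 2,
        Tunnel-Type = Tunnel-L2F,
        Tunnel-Password = "yyyyyy"

DEFAULT Password = "PROXY", Suffix="@toto.org",
DTC-AP-Name="ClientWithoutTunnel"
        Service-Type = Framed-User,
        DTC-Auth-Secret = "topsecret",
        DTC-Acct-Port = 1813,
'''

def parse_users(text):
    """Return (check_items, reply_items) per blank-line-separated entry;
    indented lines hold reply items, unindented lines hold check items."""
    entries = []
    for block in re.split(r'\n\s*\n', text.strip()):
        check, reply = [], []
        for line in block.splitlines():
            (reply if line[:1] in ' \t' else check).extend(PAIR.findall(line))
        entries.append((dict(check), reply))
    return entries

def to_handler(check, reply, filename='....', key='DTC-AP-Name'):
    """Render one entry as a Handler selected on `key`, as in the reply above."""
    items = ', '.join(f'{name} = {value}' for name, value in reply)
    return (f'<Handler {key}={check[key]}>\n'
            f'        <AuthBy FILE>\n'
            f'                Filename {filename}\n'
            f'                AddToReply {items}\n'
            f'        </AuthBy>\n'
            f'</Handler>\n')

def secret_attrs(reply):
    """Names of reply items that carry credentials (shared secrets, passwords)."""
    return [name for name, _ in reply if name.endswith(('-Secret', '-Password'))]

if __name__ == '__main__':
    for check, reply in parse_users(SAMPLE):
        print(to_handler(check, reply))
        print('# reply items carrying credentials:', secret_attrs(reply))
```

The Password and Suffix check items are parsed but not emitted, matching the Handlers in the reply, which select on DTC-AP-Name only.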
