Good morning,

Today I installed an evaluation version of Radiator and I'm trying to configure 
it in a way that matches the procedure of our current RADIUS server.

What happens in the current environment with an incoming RADIUS Request is the 
following:

        1)      A so-called 'Realm' is selected based on the username. It first 
searches for a record with the complete username (u...@domain.ext). If this 
doesn't exist it uses the last portion of the username (everything after the 
'@'). The realm to select is in an SQL database. An SQL query is executed with 
the username as parameter to determine the realm. (Realms include realmRADIUS / 
realmLDAP / realmSQL, in fact the different authentication backends used).

        2)      After the realm is determined, the user is authenticated based 
on attributes like NAS-Port-Type, Service-Type, Username and Password. For 
example, if the realmLDAP is selected the user is authenticated against an LDAP 
backend. The settings for the LDAP server to authenticate by are stored in the 
same SQL database. Again, an SQL query is used to retrieve the LDAP server, 
LDAP bind user, LDAP search filter (and so on) with parameters gathered from 
the RADIUS request. A group membership check using LDAP is also performed.
                The same method is used for the realmRADIUS (which uses a query 
to retrieve RADIUS server details like shared secret instead of LDAP server 
details).
                realmSQL uses an SQL database to authenticate with.

        3)      After the user gets authenticated other SQL queries are run to 
generate RADIUS attributes which are added to the Access-Accept message.


So, what am I looking for? I'd like to reproduce the scenario above in 
Radiator. 

        -       I haven't found a way to dynamically determine the Realm (or 
Handler?) to use based on the properties described in step 1.
        -       If a realm/handler gets selected, I'd like to dynamically set 
the properties to use (for example the LDAP server and filter) for that 
specific request based on information from an SQL database. The way I see it at 
the moment is that I need to create Handlers for all LDAP servers / RADIUS 
servers and other domains. Since I'd like to get this information from the 
database where it is now, I doubt it is a good idea to add all these 
Handlers to the config file. Is there a way to get this info from a database?

I hope you can help me out with these questions and I look forward to hearing 
from you.

Best regards,

PROXSYS*
Remco van Noorloos
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
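
The realm selection described in step 1 of the message, as an added example that is not part of the original post and is not Radiator configuration or code. The table and column names, the sample rows and the lower-casing of the username are assumptions; the realm names are the ones the post mentions.

```python
import sqlite3

# Hypothetical schema: the post does not give table or column names.
SCHEMA = "CREATE TABLE realm_map (match_key TEXT PRIMARY KEY, realm TEXT NOT NULL)"
# Constructed sample rows using the realm names from the post.
SAMPLE_ROWS = [
    ("alice@example.org", "realmSQL"),   # per-user override
    ("example.org", "realmLDAP"),        # domain default
    ("partner.example", "realmRADIUS"),
]

def open_sample_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO realm_map VALUES (?, ?)", SAMPLE_ROWS)
    return db

def _lookup(db, key):
    # User-Name comes straight from the RADIUS request, so it is bound as a
    # parameter and never concatenated into the SQL text.
    row = db.execute("SELECT realm FROM realm_map WHERE match_key = ?", (key,)).fetchone()
    return row[0] if row else None

def select_realm(db, username):
    """Return the realm for a User-Name, or None if nothing matches."""
    name = username.strip().lower()  # assumption: keys are stored lower-case
    realm = _lookup(db, name)        # 1. exact match on the complete username
    if realm is not None:
        return realm
    _, sep, domain = name.rpartition("@")
    if not sep or not domain:        # no '@' or empty domain: nothing to fall back to
        return None
    return _lookup(db, domain)       # 2. fall back to the part after the '@'

if __name__ == "__main__":
    db = open_sample_db()
    for user in ("alice@example.org", "bob@example.org", "carol@partner.example",
                 "dave", "x@' OR '1'='1"):
        print(f"{user!r:28} -> {select_realm(db, user)}")
```

A None result means no realm matched, so the caller can reject the request rather than fall through to a default backend.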
