Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(ASCEND) Steel-Belted RADIUS, RADIATOR, or AAC
Group,
I sent this 3 days ago and have yet to get any feedback. Can any commercially
available RADIUS product do this ?
One possible solution, is to have a RADIUS service that separates the users
file,
i.e. vpn.users, max.users, 3com.users. Where a user may be in one or more
of these ".users" files, yet be given the correct RADIUS "reply-items" unique
to the NAS server the user accessed.
Sincerely,
Nelson Llabona
-----Original Message-----
...
I would like to know if any of you have ran into this yet, and if so
what
you did to solve this problem.
We are currently evaluating Steel-Belted RADIUS.
We would like to support VPN and Ascend Dial-In service using 1 RADIUS
server.
All RADIUS authentication requests would be forwarded to NT.
Here is my dilema,
user_A belongs to the VPN NT group and needs x specific RADIUS reply
attributes.
user_B belongs to the ASCEND NT group and needs y specific RADIUS reply
attributes.
user_C belongs to both the VPN and ASCEND NT group and
needs x specific RADIUS reply attributes when connecting through
VPN,
but need y specific RADIUS reply attributes when dialing in
through ASCEND.
I think I can support user_A and user_B, using the
NAS-Identifier IP address as a check item.
But what do I do about user_C.
If I understand the way radius works, sequentially, or top down,
then the following will happen if user_C is defined in the VPN
NT group AND the ASCEND NT group.
If user_C comes in through VPN and RADIUS goes sequentially down
the "users" file and finds his account in the VPN NT group he is
authenticated and given the correct x attributes.
If user_C comes in the ASCEND and RADIUS goes sequentially
down the "users" file, it find his name in the VPN NT group,
but the NAS-Identifier check item is invalid, so authentication
fails. RADIUS does not continue to look through the rest of the "users"
file to find his other user_C account under the ASCEND NT group.
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>