'Re: Radius + LDAP + Simultaneous Use'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cistron-radius
Subject:    Re: Radius + LDAP + Simultaneous Use
From:       "TimJ" <frml () eggserver ! tallships ! ca>
Date:       2002-10-12 12:50:52
[Download RAW message or body]

I have a similar setup. I've taken over running two ISPs. One uses a SQL
database, the other uses /etc/passwd file. We share modem pools as well.
What I've done is setup a separate machine that does all the accounting, and
proxies each realm to the appropriate radius server for each company. The I
setup the Simultaneous Use on each realm. Since that server only sees auth
requests for it's own realm it shouldn't confuse them (I've not actually
implemented it yet, but a radwho on each shows only the proper user). Like I
said, not quite the same situation, but it may help you.

Tim

We share modem pools now
> >
> > $1 = nas_type
> > $2 = nas_ip
> > $3 = nas_port
> > $4 = login
> > $5 = session_id
> >
> > In particular, nas_port is what the NAS passes in the NAS-Port
accounting
> > attribute, and session_id is the Acct-Session-Id. You'll need to look at
> > your detail files to see what format your NAS sends the Session-Id in,
and
> > compare it to the active sessions listed when querying the NAS.
> >
> > Note: be aware that some NAS's (I think the MAX TNT is one) add an extra
> > suffix that shows up in the queried session stats which it doesn't send
in
> > the Acct-Session-Id, so verify what your NAS does.
> >
> > Username alone is never unique if you use realms, but the combination of
> > Username and NAS-Port, or Username and Session-ID (better) or Username,
> > NAS-Port and Session-Id (better still) are unique.
> >
> > Regards,
> > Simon
>
> That seems like a good idea, but the port that was being checked was the
> one that the user from isp-1 was logged on to!  This means (to me), that
> when radius looks the user up internally it confuses the realms even
> before checkrad is called.  I'm pretty sure I wouldn't have a problem if
> radius could tell the difference between realms and only checked a user
> from the realm given.
>
>
> --
> Jay Janssen
> Systems Administrator
>
>
> -
> List info/subscribe/unsubscribe? See http://www.radius.cistron.nl/list/


- 
List info/subscribe/unsubscribe? See http://www.radius.cistron.nl/list/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic