Re: Mutiple Seperate nt domains (FreeRADIUS Users forum, Networking and Network Related category)
>
> 1. a vpn client contacts the cisco box
> 2. the cisco box forwards the request to the radius server for
> authentication.
> 3. the radius server somehow proxies the request to the windows domain
> server
> 4. the domain server reports back an ok to the radius server?
> 5. the vpn tunnel is setup.
>
> What I can understand about freeRadius is that it is possible to proxy
> authentication requests to other radius servers depending on domain names
> and other fields. Is this correct?

Yes

>
> Is this type of setup even doable with a Radius Server and if so could
> anyone help me in the directions of some solid howto's as I'm fairly green
> working with radius servers.

It's not very hard at all. See the "proxy.conf" file in the distribution.

Broadly speaking, assuming they are all logging in as "user@domain.com" you need:

    modules {
        # other modules
        realm suffix {
            format = suffix
            delimiter = '@'
            # do not fall back to the DEFAULT realm for unknown realms
            ignore_default = yes
            # do not match the NULL realm for user names without a realm
            ignore_null = yes
        }
    }

    authorize {
        preprocess
        suffix
    }

...then in proxy.conf for each customer:

    realm domain.com {
        type = radius
        authhost = the.auth.server.domain.com:1812
        accthost = the.acct.server.domain.com:1813
        secret = TheRadiusSecret
        # forward User-Name with "@domain.com" still attached
        nostrip
    }

>
> Hope someone has some input to this type of setup.
>
> Regards
> Christian
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
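Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of the routing decision that the configuration in the reply describes (suffix realm, `ignore_null`, `ignore_default`, `nostrip`). The realm names, hosts and secrets are constructed placeholders, and `route`, `Realm` and `Decision` are hypothetical names.

```python
# Simplified model of suffix-realm proxy routing; assumptions are labelled.
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Realm:
    authhost: str
    accthost: str
    secret: str            # one distinct shared secret per home server
    nostrip: bool = True   # forward User-Name with "@realm" still attached


# Constructed sample realms: hypothetical customers, placeholder secrets.
REALMS: Dict[str, Realm] = {
    "customer-a.example": Realm("radius.customer-a.example:1812",
                                "radius.customer-a.example:1813",
                                "placeholder-secret-a"),
    "customer-b.example": Realm("radius.customer-b.example:1812",
                                "radius.customer-b.example:1813",
                                "placeholder-secret-b", nostrip=False),
}


@dataclass(frozen=True)
class Decision:
    action: str                # "proxy" or "local"
    realm: Optional[str]
    user_name: str             # User-Name as it would be forwarded
    authhost: Optional[str]


def route(user_name: str, realms: Dict[str, Realm] = REALMS, delimiter: str = "@",
          ignore_null: bool = True, ignore_default: bool = True) -> Decision:
    # Suffix format: the realm is whatever follows the LAST delimiter.
    user, sep, name = user_name.rpartition(delimiter)
    if not sep:                                   # no realm given: NULL realm
        user, name = user_name, "NULL"
    target = None if (name == "NULL" and ignore_null) else realms.get(name)
    if target is None and name != "NULL" and not ignore_default:
        target = realms.get("DEFAULT")            # catch-all realm, if defined
    if target is None:
        # Not proxied: the request stays on this server, so an unlisted
        # realm is never forwarded to some customer's domain by accident.
        return Decision("local", None, user_name, None)
    forwarded = user_name if target.nostrip else user
    return Decision("proxy", name, forwarded, target.authhost)


if __name__ == "__main__":
    for u in ("alice@customer-a.example", "carol@customer-b.example",
              "bob", "eve@unknown.example"):
        print(u, "->", route(u))
```

With both `ignore_*` options set to yes, only realms that are explicitly listed are ever proxied, which keeps each customer's logins going to that customer's server alone.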