Re: Splitting the password field in freeRADIUS
This is a discussion on Re: Splitting the password field in freeRADIUS within the FreeRADIUS Users forums, part of the Networking and Network Related category; I frontend our secureID server with FR. but that is only doing PAP. The way I do this is radius ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-23-2007
|
|||
|
|||
Re: Splitting the password field in freeRADIUS
I frontend our secureID server with FR. but that is only doing PAP. The way I do this is radius proxy whre the FR is running on the same box different port. I don't understand what you are trying to do here. If a user tried to authenticate you want the PIN to authenticate on radius? and the rest somewhere else? --- "Drumm, Daniel" <dgdrumm@bf.umich.edu> wrote: > > As some of you may know, RSA SecurID servers now > support RADIUS. The > Auth Manager comes with the Funk RADIUS sever > embedded into it, and > supports a number of auth types, including EAP-OTP > as well as the usual > types such as CHAP. > > Is it possible to front end this type of server with > FreeRADIUS, so that > NAS-Clients can send a tokencode prepended to, say, > a Kerberos password > - and have the FreeRADIUS server forward the first 6 > digits of the field > to the RSA server for tokencode validation - and the > remaining charcters > to another RADIUS server, one that front-ends a > Kerberos system? Only > when both fields return true is the authentication > true. > > Is this possible? I was looking at the various > scripting options in > radius.conf, and don't know of anyone who has done > this. Or if it can be > done. > > Thank you. > > Dan. > > > > # > # Pre-accounting. Decide which accounting type to > use. > # > preacct { > preprocess > > # > # Ensure that we have a semi-unique identifier for > every > # request, and many NAS boxes are broken. > acct_unique > > # > # Look for IPASS-style 'realm/', and if not found, > look for > # '@realm', and decide whether or not to proxy, > based on > # that. > # > # Accounting requests are generally proxied to the > same > # home server as authentication requests. > # IPASS > suffix > # ntdomain > > # > # Read the 'acct_users' file > files > } > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________________________________________________ __________________________________ Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains. http://farechase.yahoo.com/promo-generic-14795097 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 
|
Linear Mode
