From: Ian Freislich
Date: Sat, 14 Mar 1998 22:55:21 +0200
To: ken@mui.net
cc: hackers@FreeBSD.ORG
Subject: Re: radius?
In-reply-to: Your message of "Mon, 09 Mar 1998 13:02:16 GMT." <199803092306.NAA16334@rocksalt.mui.net>

Ken wrote:
> There are going to be 2 locations. Site A and site B have 2 different
> user databases. How does one set things up so that if they aren't
> in site A, then it passes it to site B? or is there a better way to
> handle this?
>
> Does it have something to do with Radius?

You can use the realm authentication provided by the Merit Radius server.
From 'authfile':

# This file contains a list of "realm" names which represent
# authentication systems which may be used to authenticate a user.
# Normally the user specifies the system where authentication is to
# be performed by appending a realm name to his/her user id. For
# example, "joe@xyz" indicates that user joe wants to be authenticated
# by realm xyz. It is the purpose of this file to map the realm name
# "xyz" to the actual DNS name of the authentication system and the
# authentication protocol to be used.

You just get your users to log in as 'user@siteA' or 'user@siteB' and
configure your radius server using the authfile to pass queries for the
other site on to the second radius server. I'm going to be playing with
this feature soon so that we can provide a 'virtual ISP' service.

Of course, if the password files are reasonably static, it might be easier
just to sync them, although I think that there will be more maintenance
involved (and things to go wrong) if you go that route.

I've also made a couple of changes to this server that you may be
interested in.

--
igf (Ian Freislich)
http://copernicus.cpt.tech.iafrica.com/
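
The realm routing described in the message above, as an added example that is not part of the original post and not Merit's code. The table format, the host name radius.siteb.example, the default realm, and the case-insensitive realm match are all assumptions made for illustration; this is not the Merit authfile syntax.

```python
# Added illustration: deciding where a 'user@realm' login is authenticated.
# The table format is constructed for this example (NOT Merit authfile syntax).
from typing import NamedTuple, Optional

SAMPLE_TABLE = """\
# realm   action   target        (constructed sample data)
siteA     local    -
siteB     proxy    radius.siteb.example:1812
"""

class Route(NamedTuple):
    action: str                    # "local", "proxy" or "reject"
    user: str
    target: Optional[str] = None   # remote server for "proxy", else None

def load_table(text):
    """Parse 'realm action target' lines; '#' starts a comment."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        realm, action, target = line.split()
        if action not in ("local", "proxy"):
            raise ValueError(f"unknown action {action!r} for realm {realm!r}")
        table[realm.lower()] = (action, None if target == "-" else target)
    return table

def route(login, table, default_realm="sitea"):
    """Return the routing decision for one login name."""
    user, sep, realm = login.rpartition("@")   # realm is after the LAST '@'
    if not sep:                    # bare 'joe': assume the local default realm
        user, realm = login, default_realm
    if not user or not realm:      # '@siteB' or 'joe@' is malformed
        return Route("reject", login)
    entry = table.get(realm.lower())   # assumption: realms match case-insensitively
    if entry is None:              # unknown realm: fail closed, do not guess a site
        return Route("reject", user)
    action, target = entry
    return Route(action, user, target)

TABLE = load_table(SAMPLE_TABLE)

if __name__ == "__main__":
    for name in ("joe@siteA", "joe@siteB", "joe", "joe@siteC", "@siteB"):
        print(f"{name:12} -> {route(name, TABLE)}")
```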