Ascend Archive
Re: (ASCEND) multiple clients using *one* rad server





On Tue, 14 Jul 1998, Tony Porczyk wrote:

> Corey wrote:
> 
> > Anyway, I have been unable to figure out if there's a way to have
> > multiple clients query a single radius server while configuring it
> > so that only certain user profiles are able to be authenticated
> > only from specific clients.
> 
> Let me see if I understand correctly:
> 
> 1. You want to run radius on *one* UNIX host
> 		- or -
> 2. You want to run one instance of radius auth server
> 
> If (1), you can simply run multiple instances of radiusd on one host.
> Each instance would use a different users file and would listen on a
> different port.  Each of your routers would then send auth requests to
> a different port.
> 
	
	And the correct answer is! ...  ( drumroll )  .....  Number 1 !!  

	What I'm looking for specifically, though, is a way around 
	the need for more than one instance of radiusd running
	on one server ( or on two different servers ) - mainly so that we
	only have to maintain one users file and one daemon... 
	Give me convenience or give me death!
	(c;

> I assume the phone numbers will be given out accordingly, so your users
> will not experience regular access denials :-)
> 
	Actually, we *don't* want our users to have access through *both*
	routers - but rather just through one specific router.
	Thing is - we're running an operation here where security is of
	the essence.

	The NETServer is for our dial-in users, while the MAX is for access 
	to our secure network. Currently, if a user were to somehow discover 
	the line number of the MAX, he could simply log into it using the same 
	passwd he uses for the NETServ and completely circumvent our security
	precautions. This works because both routers query the same radiusd
	port and daemon and users file.  What I'm looking for is a way to keep 
	this setup, but to more strictly dictate who gets authenticated from 
	where.

	The likelihood of one of our users discovering the number to the 
	other router may be highly slim - but it's a loose-end nonetheless. 


Beers,

Corey
corey@virtual-impact.com
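
An added example, not part of the original message and not code from any radiusd: a small Python model of the gap described above (one users file answering for both routers) next to a per-client check in which each profile lists the clients it may authenticate from. The client addresses, user names and the `allowed_nas` field are hypothetical, and the requesting client is identified by the source address of the request.

```python
import hmac

# Constructed sample data. Addresses, names and the "allowed_nas" field are
# hypothetical; they model one users file shared by two RADIUS clients.
CLIENTS = {"192.0.2.10": "netserver", "192.0.2.20": "max"}
USERS = {
    "dialin1": {"password": "s3cret-one", "allowed_nas": {"netserver"}},
    "admin1": {"password": "s3cret-two", "allowed_nas": {"max"}},
    "legacy": {"password": "s3cret-three"},  # no restriction recorded
}


def _password_ok(user, password):
    """Constant-time password comparison against the shared users table."""
    profile = USERS.get(user)
    if profile is None:
        return False
    return hmac.compare_digest(profile["password"].encode(), password.encode())


def authenticate_shared(user, password, source_ip):
    """The setup in the message: any known client, one users file.

    A password that works through one router works through the other.
    """
    if source_ip not in CLIENTS:
        return "Access-Reject"
    return "Access-Accept" if _password_ok(user, password) else "Access-Reject"


def authenticate_per_client(user, password, source_ip):
    """Same daemon and users file, but each profile names its clients."""
    nas = CLIENTS.get(source_ip)
    if nas is None or not _password_ok(user, password):
        return "Access-Reject"
    # Fail closed: a profile with no allowed_nas entry is accepted nowhere.
    allowed = USERS[user].get("allowed_nas", set())
    return "Access-Accept" if nas in allowed else "Access-Reject"
```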
