Re: [RadiusNT] User based proxy

Dale E. Reed Jr. ( (no email) )
Fri, 10 Dec 1999 13:29:05 -0800

"S.Tumurbaatar" wrote:
>
> In RadiusNT Admin there're 2 additional checkboxes near User based proxy
> checkbox: Unknown and Echo. What do they mean?

Unknown allows you to forward all unknown users to another RADIUS
server (configure a domain named DEFAULT in the RadRoamDomains table).

Echo means echo back the auth request attributes after the reply
attributes. It should NOT be used in any general implementation.

> Also I'm going to test the user based proxy feature. As I understand,
> the proxying radius server does the following things:
> 1. Checks an incoming request's IP to determine whether it is from a
> registered server

This is a generic step, not proxy specific.

> 2. If yes and User proxy is enabled, then unpacks the packet with the
> secret of the above terminal server and checks a domain part of the
> username.

Checking the secret is also a generic step, not proxy specific. The
2.5.2xx version can remove the domain from the username, without
proxy as well (trim name feature, although it does remember the domain
for proxy, if proxy is enabled).

> 3. If there's a roam server registered for this domain, re-packs this
> packet with secret of the roam server. Before packing, it removes the
> domain portion because I checked Strip domain checkbox on the roam
> server configuration. Other things are packed without modification.

Correct. It does add Proxy-State to the packet as well, though.

> 4. Forwards packet to the secondary server.
>
> On the secondary radius server I registered the real client (terminal
> server) which is sending requests, but IP and secret are of the 1st
> radius server. Also because I hope that the

You don't have to register the terminal server, just the RADIUS server
that sends the request.

> 1st server will remove the domain portion, on the 2nd server I
> registered usernames without domain.

That's correct.

> Finally, I checked (at Advanced Tab of the 1st server admin) User based
> proxy, Acc and Auth checkboxes.
>
> Because the 1st server is a running server and now there're a lot of
> users connected, I cannot reboot it until night. Before testing I
> decided to send this message. Maybe someone can tell me whether I've
> forgotten something or am doing something wrong.

Sounds like everything is ok. Should only take a couple of seconds to
restart the RadiusNT service on the first server.

-- 

Dale E. Reed Jr.  Emerald and RadiusNT
__________________________________________
IEA Software, Inc.  www.iea-software.com

For more information about this list (including removal) go to: http://www.iea-software.com/support/maillists/liststart
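
The unpack, strip, re-pack and Proxy-State steps discussed in the message above, as an added Python sketch that is not RadiusNT code and not part of the original mail. It uses the User-Password hiding from RFC 2865 section 5.2; the `roam_domains` dict and its field names, the `unknown` flag (modelled as "no matching domain"), and the fresh Request Authenticator are assumptions for illustration.

```python
import hashlib
import os

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: c(i) = p(i) XOR MD5(secret + c(i-1)), with c(0) = authenticator."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password; trailing NUL padding is dropped."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def proxy_request(attrs, authenticator, client_secret, roam_domains, unknown=False):
    """Return (server, new_authenticator, new_attrs), or None to handle locally."""
    user, _, domain = attrs["User-Name"].partition("@")
    route = roam_domains.get(domain) if domain else None
    if route is None and unknown:
        route = roam_domains.get("DEFAULT")   # modelled on the "Unknown" option (assumption)
    if route is None:
        return None
    # Unpack with the secret shared with the sender of the request...
    clear = reveal_password(attrs["User-Password"], client_secret, authenticator)
    new_auth = os.urandom(16)                 # assumption: fresh Request Authenticator
    out = dict(attrs)
    if route["strip_domain"]:
        out["User-Name"] = user
    # ...and re-pack with the secret shared with the roam server.
    out["User-Password"] = hide_password(clear, route["secret"], new_auth)
    # Proxy-State is appended so the reply can be matched to the original request.
    out["Proxy-State"] = attrs.get("Proxy-State", []) + [os.urandom(8)]
    return route["server"], new_auth, out

# Constructed sample data: secrets, address and realm are made up.
ROAM = {"example.net": {"server": "192.0.2.10", "secret": b"roam-secret", "strip_domain": True}}
if __name__ == "__main__":
    ra = os.urandom(16)
    req = {"User-Name": "alice@example.net",
           "User-Password": hide_password(b"correct horse battery", b"nas-secret", ra)}
    print(proxy_request(req, ra, b"nas-secret", ROAM))
```

The second server only ever sees a password hidden under the secret it shares with the first server, which is why it needs the first RADIUS server registered as its client rather than the terminal server.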