Re: [RadiusNT] RadiusNT ODBC error

Dale E. Reed Jr. ( (no email) )
Fri, 07 Apr 2000 09:38:18 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Dale E. Reed Jr.: "Re: [RadiusNT] IP Addresses"
Next message: Dale E. Reed Jr.: "Re: [RadiusNT] Radius Monitoring in WUG"
Maybe in reply to: Swick, Forrest: "[RadiusNT] RadiusNT ODBC error"
Next in thread: Graeme Slogrove: "RE: [RadiusNT] RadiusNT ODBC error"

Steven Plautz wrote:
>
> What exactly does checking "Unknown" do? The RadCheckDomain stored
> procedure always returns the 'DEFAULT' server if present and I don't see how
> RadiuNT could know which is the default since the domain field isn't one of
> the fields returned.

It always returns the DEFAULT, but if you read the notes carefully,
the priority of the DEFAULT *MUST* be higher than any other one
(so that DEFAULT is always the last one). Therefore, if you receive
a request from user@blah.com, and blah.com is not configured, it will
still find the DEFAULT and away it goes to that server. This part works
with or without the unknown checked, as its based on the presence of
a domain part (ie, @domain.com).

Checking unknown allows RadiusNT to forward requests of unknown users
to the DEFAULT entry. The difference between this and above is that
this is for users who do NOT have a domain (ie, user johnd tries to
authentication, without a domain, and was not found locally). In this
case it looks specifically for the DEFAULT domain, and forwards the
request on.

> > "Swick, Forrest" wrote:
> > >
> > > Thanks Dale!
> > >
> > > It worked. I was just able to use radlogin to authenticate against the
> > > database!
> > >
> > > Now Any tips on using Proxy.
> > >
> > > Our dial in is Total Control. I want it to look at the RadiusNT box and
> > > authenticate if it the username is found, if no username then roll to a
> 2nd
> > > box with Radius on Unix.
> >
> > This is covered in the RadiusNT documentation, Proxy section:
> >
> > -----------------------------------------------------------------
> > There are several options for configuring the roaming feature in
> > the two above noted tables, RadRoamServer and RadRoamDomains.
> > One of the more useful options is the default domain. If you
> > define a domain as "DEFAULT", RadiusNT/X will send all roaming
> > requests to it that do not have a matching domain. However, you
> > must make sure the priority for the DEFAULT domain is higher than
> > all other domains you have listed. Any domain that has a higher
> > priority than the default domain will be sent to the default
> > domain. The first domain matching the users's domain (or the
> > DEFAULT entry) with the lowest priority is the one used.
> > -----------------------------------------------------------------
> >
> > You define this default entry, then enable User Proxy,
> > Authentication, and Unknown. Then RadiusNT/X will forward any
> > unknown users to that DEFAULT entry.
> >

Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc. www.iea-software.com

For more information about this list (including removal) go to:http://www.iea-software.com/support/maillists/liststart

Previous message: Dale E. Reed Jr.: "Re: [RadiusNT] IP Addresses"
Next message: Dale E. Reed Jr.: "Re: [RadiusNT] Radius Monitoring in WUG"
Maybe in reply to: Swick, Forrest: "[RadiusNT] RadiusNT ODBC error"
Next in thread: Graeme Slogrove: "RE: [RadiusNT] RadiusNT ODBC error"