Re: URGENT-Setting up filters

Kate Murphy ( kate@bbnplanet.com )
Sun, 13 Apr 1997 09:13:58 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Kate Murphy: "Re: RadiusNT pricing"
Next message: Gary Austin: "CallsOnline"

Hi all!

Attached is the email I sent to the mailing list. I am running out of ideas
to solve this.
The main problem is that RadiusNT is not source code and can not be altered
and re-compiled - it comes as a big .exe file with pre-defined files.

Any response would be GREATLY APPRECIATED!!!

TIA,

Kate
>
>
>>Date: Fri, 11 Apr 1997 08:19:01 -0400
>>To: RadiusNT@emerald.iea.com
>>From: Kate Murphy <kate@bbnplanet.com>
>>Subject: Re: Setting up filters
>>
>>Hi!
>>
>>We have RadiusNT running as part of a distributed security solution. The
NAS client on the RadiusNT box) is actually the Central RADIUS server that
receives the intitial authentication requests - examines the realm or domain
name of the user login (kate@technogeeks.com) and forwards the request to
the RadiusNT box that has the user files for "technogeeks.com" and lists the
Central Radius in the client file as the NAS.
>>
>>The Central RADIUS server is a sparc running another version of RADIUS and
has several Ascend 4000's in the client files as NASs.
>>
>>In the RadiusNT boxes that are set up with users from one or more
domain(realm) names, I would like to set up a filter for when a user dials
into the 1-800 rack, he is disconnected (Central Radius receives a NAK which
goes back to the NAS) - but when they dial into a local NAS - through
Central Radius to the appropriate realm RadiusNT box, they receive an "ACK".
>>
>>I think I can put Framed-Filter=some number and define the filter in the
dictionary file. The question is - should I set up two filters (like in
static routing) like
>>
>>Filter 1 as : nopass (source IP address of 800 rack) (destination IP
address of RadiusNT box)
>or "reject" ....
>or "deny" .....
>or "send Access-reject if NAS Identifier = source IP address of 800 rack
>
>>Filter 2 as: pass (0.0.0.0) (destination IP address of RadiusNT box)
>or "accept"...
>or "permit"...
>or "send Access-accept if NAS Identifier = 0.0.0.0
>>
>>Would this work? I am not sure what the exact syntax should be on the NT
box - any help would be greatly appreciated!
>>
>>Thanks.
>>
>>Kate
>>
>

Previous message: Kate Murphy: "Re: RadiusNT pricing"
Next message: Gary Austin: "CallsOnline"