[RadiusNT] [pop] Re: [Emerald] Emerald and Radius

Dale E. Reed Jr. ( (no email) )
Sun, 14 Feb 1999 18:33:01 -0800

> We have had a get together and decided to evaluate the Emerald suite for
our
> billing etc. Thankyou iea for the extended evaluation period.
>
> Due to the topology of our network we have decided to evaluate the
following
> configuration.
>
> 1. A dedicated and firewalled NT/SQL Server for the emerald software and
> billing component.
> 2. A number of Linux (Red Hat) radius servers in different geographical
> locations around Australia synchronising with Emerald.
> 3. A move to one of the more popular Linux mail servers.
>
> This is difficult when you are already running RadiusNT which
authenticates
> from the NT SAM, but we have worked out a way to do it without interfering
> with current services for our users.

RadiusNT includes a migration option to auth the first time from the NT SAM
and
then replace the user's password in the database (so that all other times
don't need
the NT SAM account). That is the only migration option that I know of that
is
fairly seemless.

> Obviously, we would like the evaluation to go as smoothly as possible and
we
> have a few questions to that end.
>
> 1. Is there a detailed howto on setting up external systems for emerald to
> allow it to synchronise with Linux Radius? (PAM and Users File)

No. Most are fairly custom, depending on what you want to do. Emerald will
export a Livingston/Ascend compatable users file. There is also a
standalone
program called radusers that does that as well. We are working on a
generic
method for syncing the passwd/shadow file, but it will require the OpenLink
ODBC drivers for unix.

> 2. Is there a recommended Linux Radius Server for Emerald accounting?

Not really. You will loose some functionality of Emerald if you use
another RADIUS server that is not integrated into Emerald.

> 3. What specs are recommended for the emerald box given a potential 10,000
> MBR's?

Something like a single/dual PII-300+ with 256mb of RAM and Ultrawide
SCSI should be fine. Disk and memory are the two key components.

> 4. Are there any known issues regarding this type of configuration?

There isn't a cookie cutter type solution for it yet. We are working on
solutions, but don't have any generically available. You might want to
runn accounting to a pair of RadiusNT boxes, even if they don't have
authentication. It makes things a lot eaier.

> 5. Has anyone figured out how to export the usernames and passwords from
SAM
> to the emerald database.

You really can't. RadiusNT supports the migration option if its the
authenticating server, though.

> 6. Is there a web interface for emerald database maintenance? (Adding
Users
> etc)

There are some example ASP and Cold Fusion scripts on our FTP site.

Dale

For more information about this list, including removal,
please see http://www.iea-software.com/maillist.html

For more information about this list, including removal, please
see this URL: http://www.iea-software.com/maillist.html