

Configuring Directed Authentication

Directed authentication is used when the service provider manages retailer ISPs. This means that the service provider holds the ISP's end-customer information in its LDAP server, but is not responsible for the data. This data is stored in a separate subtree within the LDAP server.

It is possible that unique identifiers exist in the retailer ISP realm, which might already exist in the service provider realm, or in some other retailer ISP realm. This authentication method allows you to set a different search base, based on the realm name, which is submitted at login time.

Consider an example where the ISP "Virneo" is handled within the service provider's LDAP directory. The service provider and the ISP agreed to use the realm name virneo.com.

To configure directed authentication for this example:

  1. Enable the realm feature on the RADIUS server (setting parameter in radius.ini):

    [Configuration]
    ExtendedProxy = 1

  2. Register the realm name with Steel-Belted Radius/SPE (setting parameter in proxy.ini):

    [Directed]
    virneo.com

  3. Create a realm configuration file called virneo.com.dir

    NOTE: The filename must be identical to the realm name specified in the previous step.

  4. Register the authentication method (LDAP) with the realm (setting parameter in isp1.com.dir):

    [AuthMethods]
    VIRNEO.COM

    NOTE: The string specified in the [AuthMethods] section must be identical to the LDAP initialization string from the to-be-created authentication file (virneo.com.aut).

  5. Enable directed authentication (setting parameter in virneo.com.dir), and strip the realm name:

    [Auth]
    Enable = 1
    StripRealm = 1

  6. Enable directed accounting (setting parameter in isp1.net.dir):

    [Acct]
    Enable = 1

  7. Define the LDAP configuration interface for directed authentication (creating authentication file virneo.com.aut):

This step is identical to a step mentioned in the Configuring LDAP Authentication section. The initialization string in the bootstrap section must be identical to the authentication method, which is specified in virneo.com.dir. For example:

    [Bootstrap]
    LibraryName=ldapauth.so
    Enable=1
    InitializationString=VIRNEO.COM

Further details about the proxy configuration and directed realm configurations can be found in the Steel-Belted Radius/SPE manuals.
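
The procedure above depends on several strings being identical across files (realm name and .dir filename; [AuthMethods] entry and InitializationString). The following Python check for those constraints is an added example, not part of the Steel-Belted Radius/SPE documentation or product. The function names and the in-memory file contents are constructed for illustration, and the parser assumes only the section, key=value, and bare-line layout shown on this page.

```python
# Added example: consistency check for the directed-realm files described above.

def parse_ini(text):
    """Return {section: {key: value}}; bare lines without '=' map to None."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif line and current is not None:
            key, sep, value = line.partition("=")
            current[key.strip()] = value.strip() if sep else None
    return sections

def check_realm(files, realm):
    """files: {filename: text}. Returns a list of problems (empty = consistent)."""
    cfg = {name: parse_ini(text) for name, text in files.items()}
    get = lambda name, section: cfg.get(name, {}).get(section, {})
    problems = []
    if get("radius.ini", "Configuration").get("ExtendedProxy") != "1":
        problems.append("radius.ini: ExtendedProxy is not 1")
    if realm not in get("proxy.ini", "Directed"):
        problems.append(f"proxy.ini: {realm} not listed in [Directed]")
    dir_name = f"{realm}.dir"
    if dir_name not in cfg:
        return problems + [f"{dir_name}: missing (filename must equal realm name)"]
    if get(dir_name, "Auth").get("Enable") != "1":
        problems.append(f"{dir_name}: [Auth] Enable is not 1")
    # Initialization strings of every enabled .aut file; comparison is exact
    # because the page requires the strings to be identical.
    enabled = {s["Bootstrap"].get("InitializationString")
               for n, s in cfg.items()
               if n.endswith(".aut") and s.get("Bootstrap", {}).get("Enable") == "1"}
    methods = get(dir_name, "AuthMethods")
    if not methods:
        problems.append(f"{dir_name}: [AuthMethods] is empty")
    problems += [f"{dir_name}: method {m!r} matches no enabled .aut InitializationString"
                 for m in methods if m not in enabled]
    return problems

# Constructed sample files mirroring the settings shown on this page.
SAMPLE = {
    "radius.ini": "[Configuration]\nExtendedProxy = 1\n",
    "proxy.ini": "[Directed]\nvirneo.com\n",
    "virneo.com.dir": "[AuthMethods]\nVIRNEO.COM\n[Auth]\nEnable = 1\nStripRealm = 1\n",
    "virneo.com.aut": "[Bootstrap]\nLibraryName=ldapauth.so\nEnable=1\nInitializationString=VIRNEO.COM\n",
}

if __name__ == "__main__":
    print(check_realm(SAMPLE, "virneo.com") or "consistent")
```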

