Novell RADIUS Services can be configured to receive the following types of requests from another RADIUS server (proxy server), or to act as a RADIUS proxy and send requests to another RADIUS server:
A Novell RADIUS Services server can be configured to receive authentication requests from another RADIUS server (the RADIUS proxy) or to act as a RADIUS proxy and send requests to a target RADIUS server.
A user's access request (user ID and password) is sent to a proxy server if it cannot be authenticated by a local RADIUS server. The RADIUS proxy server forwards the access request to a proxy target server that can authenticate the user. The proxy target server checks the information in the user access request and either accepts or rejects the request. If the proxy target server accepts the request, it returns configuration information specifying the type of connection service (such as Point-to-Point Protocol [PPP] or Telnet) to deliver to the user.
Users who log in with a domain that has been configured to use the local NDS tree will be authenticated by the RADIUS server. Users who log in with another domain name will have their RADIUS communications sent to the proxy target server for their domain. A user can specify the target domain at login time by appending the username with an @ followed by the domain name.
NOTE: The syntax is similar to the Internet e-mail address syntax; however, the domain name is not restricted to Domain Name System (DNS), although DNS names might be convenient to use. For example, Jane, an employee of Acme, would be authenticated by the company's RADIUS server by entering her username as jane@acme.com.
A Novell RADIUS Services server can be configured to receive accounting requests from another RADIUS server (the RADIUS proxy) or to act as a RADIUS proxy and send accounting requests to another RADIUS server. Refer to ConsoleOne online help for information about specific configuration procedures.