Configuring a proxied and local authentication
Samuel Degrande
Samuel.Degrande at lifl.fr
Fri Dec 2 19:13:50 CET 2005
Alan DeKok wrote:
> Samuel Degrande <Samuel.Degrande at lifl.fr> wrote:
>
>>I don't find a way to add a NAS-Identifier value inside the proxied
>>request, so that B server could check it...
>
>
> That's because the NAS didn't send it. FreeRADIUS doesn't add one,
> so...
>
>
>>I tried:
>><username> Proxy-To-Realm := <realm>, NAS-Identifier := <id>
>>and
>><username> Proxy-To-Realm := <realm>, NAS-Identifier += <id>
>
>
> That won't work in the "users" file. You have to set the
> NAS-Identifier in the preproxy_users file.
works just fine. thanks a lot !
>
>
>>How to configure the A server so that if B rejects the request, then
>>A will check in a local user base (through pam) ?
>
>
> That's a little harder. The server isn't designed to do that easily.
>
arghhh... but even if it's not easy, is there a solution ? :-)
I did think of a hack, but it's not really a good solution I guess :
- use a pam authentication, and
- write a specific pam_radius module which will first request
the remote radius server and then search in the local user base...
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Samuel Degrande LIFL - UMR8022 CNRS - INRIA Futurs - Bat M3
Phone: (33)3.28.77.85.30 USTL - Universite de Lille 1
Fax: (33)3.28.77.85.37 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE
[CA certs: http://igc.services.cnrs.fr/CNRS-Standard/recherche.html ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4039 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051202/456abdac/attachment.bin>
More information about the Freeradius-Users
mailing list