RE : Re: RE : Re: no Client-IP-Address in packet

[Mitaine Yoann <ymitaine@yahoo.fr>]

Phil Mayers <p.mayers@imperial.ac.uk> a écrit :

Mitaine Yoann wrote:
>
> */Michael Mitchell /* a écrit :
>
> Client-IP-Address is an internal freeRADIUS attribute, and is not
> defined in the RFC's. Hence it is never proxied to another server.

Yes, I am aware of that. I said that, in fact.

>
> In fact, the "Client-IP-Address" for server B in the example above
> would be the address of server A, and not the NAS.
>
> Exactly, but it would seem that never arrives.
> Could you tell me, how to make so that the Client-IP-Address have the
> IP address value of server A .

Don't remove the preprocess module from authorize.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

the only problem is that "preprocess" is present in the authorize section in the radiusd.conf file of the radius server A :
authorize {
        preprocess
        suffix
        eap
        files
       Autz-Type LDAP {
                ldap
      }
}

so I don't understand when a proxying request arrives, why the server B didn't match the rule in the users file :
DEFAULT Huntgroup-Name == "foo", Ldap-Group == "interne", Autz-Type := Ldap

where foo Client-IP-Address == x.x.x.x

there is perhaps a bug in the version which I use?

---

Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! 
Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici.