Adding attributes to the reply of a proxied request
Kristofer Sigurdsson
kristosig at gmail.com
Fri Mar 3 12:30:15 CET 2006
Hi list,
I have a Linux box running FreeRADIUS 1.0.4.
What I'd like to do is receive authentication requests for many groups
of users from the same NAS boxes. The identifier for the different
types of users would be the @domain part of their username.
I'd like to proxy requests to different RADIUS servers based on their
domain, which is fairly easy, but what I'd also like to do, is that
when the reply from the other RADIUS server comes, add an attribute to
the reply.
For example:
1. A request comes in, it's user at dadada
2. FreeRADIUS sends a request to RADIUS server 192.168.2.1, because of
the @dadada
part.
3. RADIUS 192.168.2.1 replies with, "OK, accepted, Framed-IP-Address is this,
Framed-Route is that..."
4. FreeRADIUS adds "cisco-avpair: lcp:ip vrf dadada-vrf" and sends the
reply back to the
NAS.
Also, if at all possible, I'd like to be able to strip out attributes
sent by the other RADIUS server, eg. if that server includes any
cisco-avpair stuff (other than name servers), I'd like to strip that
from the reply before it gets to the NAS.
Any pointers would be appreciated. I've been looking through the
archives, but I can't seem to find a way to modify the replies from
the other RADIUS server.
Thanks in advance,
Kristo
More information about the Freeradius-Users
mailing list