Proxying based on SSID
Alan DeKok
aland at deployingradius.com
Wed Jan 24 08:18:02 CET 2007
Lai Fu Keung wrote:
> Normally, I proxy a PEAP request whenever the realm is unknown to us
> (i.e. using the DEFAULT realm without stripping user name). However, for
> some SSIDs, I want requests to be handled locally with ldap, independent
> of what the realm is (and with the user name stripped). What I did is to
> find those SSIDs in "Called-Station-ID" and
> set proxy-to-realm to a local realm.
OK...
> But the problem (I guess) is that when freeradius processes the realm
> file, the user name is not stripped. When later on processed by the
> local realm, the request fails because the user name still contains the
> domain.
The problem is that the realms file *isn't* being processed. That's
why the user names aren't stripped.
You can always put the check for SSID *after* the check for the
realms. In that case, the usernames will be stripped, and the SSID
check can cancel any proxying, just like you do now.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list