Re: How to forward a request rejected by a proxy RADIUS server to another LDAP server?
Clark J. Wang wrote:
> I've configured a proxy RADIUS server in `proxy.conf' and an LDAP server
> in `radiusd.conf' and they work well. I want to forward those requests
> rejected by the proxy RADIUS server to the LDAP server and
> re-authenticate them again. Can I do that in FreeRADIUS? And how?

Can't be done.
The main reason it hasn't been implemented is that many RADIUS auth
algorithms, e.g. EAP, involve multiple exchanges. You can't just "break
into" the middle of a conversation.
In principle it could be done for PAP, and I think CHAP and MS-CHAP. At
the moment the easiest way would be to use an Exec-Program and radclient
to issue the request to the proxy, and if it fails do the LDAP.
Frequently when people ask to do this it's because most of their users
live in a remote server but some live in an LDAP server. If that's the
case, you can solve the problem other ways.
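
The Exec-Program plus radclient approach suggested in the reply, sketched as an added example (not part of the original post and not FreeRADIUS's own code). It covers PAP only; the host names, file paths, DN layout and the `Received Access-Accept` output line are assumptions, and how Exec-Program hands the user name and password to the script is left out.

```shell
#!/bin/sh
# Added example: PAP-only fallback, upstream RADIUS first, then an LDAP bind.
# Every default below is a placeholder (assumption), not a value from the thread.
RADCLIENT=${RADCLIENT:-radclient}            # overridable so it can be stubbed
LDAPWHOAMI=${LDAPWHOAMI:-ldapwhoami}
UPSTREAM=${UPSTREAM:-radius.example.org:1812}
SECRET_FILE=${SECRET_FILE:-/etc/raddb/upstream.secret}
LDAP_URI=${LDAP_URI:-ldaps://ldap.example.org}
LDAP_BASE=${LDAP_BASE:-ou=people,dc=example,dc=org}
NL='
'

# Quote a value for radclient's "Attr = value" input. Embedded newlines are
# refused: they would let a user inject extra attributes into the request.
rad_quote() {
    case $1 in *"$NL"*) return 1 ;; esac
    printf '"%s"' "$(printf '%s' "$1" | sed 's/[\\"]/\\&/g')"
}

# Ask the upstream server. Attributes go in on stdin and the shared secret is
# read from a file (-S), so neither appears in the process list.
# Assumes this radclient build prints a "Received Access-Accept" line; the
# match is anchored so a user name containing that text cannot satisfy it.
try_radius() {
    u=$(rad_quote "$1") && p=$(rad_quote "$2") || return 1
    printf 'User-Name = %s, User-Password = %s\n' "$u" "$p" |
        "$RADCLIENT" -t 3 -r 1 -S "$SECRET_FILE" "$UPSTREAM" auth 2>/dev/null |
        grep -q '^Received Access-Accept'
}

# LDAP fallback: simple bind as the user. The password is passed in a 0600
# temp file (-y) rather than on the command line.
try_ldap() {
    [ -n "$2" ] || return 1    # empty password would be an unauthenticated bind
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac   # keep the bind DN well-formed
    f=$(umask 077; mktemp) || return 1
    printf '%s' "$2" > "$f"
    "$LDAPWHOAMI" -x -H "$LDAP_URI" -D "uid=$1,$LDAP_BASE" -y "$f" >/dev/null 2>&1
    rc=$?; rm -f "$f"; return $rc
}

# Exit status 0 = accept, non-zero = reject (an upstream timeout also falls
# through to LDAP).
auth_with_fallback() {
    try_radius "$1" "$2" || try_ldap "$1" "$2"
}
```

This only works where the script sees the cleartext password, which is why it cannot be extended to EAP.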