proxy authorization based on NAS IP?
Alan DeKok
aland at deployingradius.com
Mon Dec 1 13:03:54 CET 2008
ST Wong (ITSC) wrote:
> We're using freeradius 2.1.1 and are looking for proxy authorization
> like following:
>
> 1. NAS1 (192.168.10.1) : accepts realmA and realmB, and proxy to remote
> radius serverA
> 2. NAS2 (192.168.10.2) : accepts realmB and realmC, and proxy to remote
> radius serverB
> 3. NAS3 (192.168.10.3) : accepts all realms except realmA, realmB, and
> realmC, and proxy to remote radius serverC
> 4. All other NAS and realm combinations are rejected.
>
> We're studying unlang but have no idea where to add the checking.
In the "authorize" section. It's run before packets are proxied.
...
if ((Packet-Src-IP-Address == 192.168.0.1) && (Realm == "a")) {
update control {
Proxy-To-Realm := "serverA"
}
}
Alan DeKok.
More information about the Freeradius-Users
mailing list