proxy-to-realm versus using a suffix
Alan DeKok
aland at deployingradius.com
Wed Jul 9 03:52:03 CEST 2008
Chris Fruehwirth wrote:
> Here is my update from testing with different versions. I tried to test
> the same scenario with 2.0.5 and got the same failed results. Then I
> went back to 1.1.7 and it worked.
Read the debug output to see where the differences are.
> I would like to add the realm name to specific RADIUS traffic either by
> IP address, EAP type or NAS-Port-Type.
Why "add realm name"? Why not just "proxy traffic"? The two
statements are *very* different.
On top of that, you *can't* proxy by EAP type. The server recommends
an EAP type... which means that by the time an EAP type is selected, the
EAP session has already started. You can't switch an EAP session from
one server to another.
> I was thinking of doing something like this below in the users file.
>
> DEFAULT EAP-Type == PEAP, Proxy-To-Realm := "SW"
That won't work. Ever.
> DEFAULT NAS-Port-Type == Wireless-802.11, Proxy-To-Realm := "SW"
If your NAS sends that NAS-Port-Type, it should work.
> DEFAULT Huntgroup-Name == Wirelesscontrollers, Proxy-To-Realm := "SW"
That should work, too.
> If there is a better way to do this in 2.0.4-5, please let me know.
It SHOULD work. If it doesn't, read the FAQ for "it doesn't work".
i.e. You've posted configurations that you think *might* work. You've
also said that you tried *other* configurations (not posted) that
didn't work. How do you expect anyone to help you when you don't say
what you're doing, and you don't say what happened?
Alan DeKok.
More information about the Freeradius-Users
mailing list