Proxy based on Multiple Realms

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Oct 15 16:38:22 CEST 2009


Hi,
> What I want to do is proxy requests based on being in multiple realms.  For
> example:
> Realm1/username.Realm2

so long as the second part will always be username.realm2 (and you don't get
into user.name.realm2) then you can use 2.1.x with unlang to configure what
you need. you need to use a decent regex pattern to match

$1/[string].$2    (in fact, you can simply ignore $1 as it will always
be host/ if dealing with type of traffic I expect)...and then you can simply
set the proxy-to-realm to be equal to the $2 value.

however, this is not a trivial 'it'll just work' and the realm details
might not be the site's real NAI realm (as it might be an internal AD realm
that has no basis on real world name, for example).

PS in eduroam we only allow the authentication of users via RFC NAI values -
this stops this nasty machine authentication mess (which most RADIUS servers
will not be able to handle) - I guess this is a demonstration of FR power/flexibility
rather than common use :-)

alan
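
The matching described in the reply above, modelled as an added Python example (not part of the original post, and not FreeRADIUS configuration): it splits a host/name.realm identity at the first dot, shows how a dotted name is mis-split, and only returns a proxy realm that is explicitly listed. The REALM_MAP table, its entries and the sample identities are constructed assumptions.

```python
import re

# Machine-auth identity as discussed in the post: "host/" + name + "." + realm.
# The name part may not contain a dot, so the realm is everything after the
# FIRST dot. A dotted name (user.name.realm2) cannot be told apart from a
# multi-label realm and ends up split in the wrong place.
MACHINE_ID = re.compile(r"host/([^./@\s]+)\.([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)")

# Hypothetical table: internal (e.g. AD) realm -> realm name used for proxying.
# The internal name may have no relation to the site's real NAI realm, so the
# proxy target is looked up here instead of being taken from the request.
REALM_MAP = {
    "realm2": "realm2",
    "ad.example.org": "example.org",
}

def proxy_realm(user_name, realm_map=REALM_MAP):
    """Return (name, proxy_realm), or None when the request must not be proxied."""
    m = MACHINE_ID.fullmatch(user_name)  # fullmatch: no trailing newline or junk
    if m is None:
        return None
    name, realm = m.group(1), m.group(2).lower()
    target = realm_map.get(realm)
    if target is None:
        return None  # unlisted realm: the client does not pick the destination
    return name, target

# Constructed sample identities.
SAMPLES = [
    "host/pc01.realm2",
    "host/pc01.ad.example.org",
    "host/user.name.realm2",     # dotted name: parsed as realm "name.realm2"
    "host/pc01.unknown.example",
    "alice@example.org",         # ordinary NAI, not the host/ form
]

if __name__ == "__main__":
    for identity in SAMPLES:
        print(f"{identity!r:32} -> {proxy_realm(identity)}")
```
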


