proxy same realm but different authentication protocol to different server

Alan DeKok aland at deployingradius.com
Fri Jan 29 12:49:59 CET 2010


piston wrote:
> Due some limitation, my partner is using two different server to handle different auth-type (PAP / EAP), said server1 only take PAP cannot handle EAP, server 2 take EAP cannot handle PAP.
> 
> But their user (realm xyz.com), login at my location maybe authenticate by PAP or EAP, depending what kind of services they're selected.

  Yes...

> My challenge is how to proxy the same realm to two different server depending on the auth-type.

  Define two realms: PAP.xyc.com, and EAP.xyz.com.  These should have
the server IPs and secrets for the relevant servers.

  Then, define a realm xyz.com:

	realm xyz.com {
		# NOTHING
	}

  In "authorize", *after* the "realms" module, do:

	if (Realm == "xyz.com") {
		if (EAP-Message) {
			update control {
				Proxy-To-Realm := "EAP.xyz.com"
			}
		}
		else {
			update control {
				Proxy-To-Realm := "PAP.xyz.com"
			}
		}
	}



More information about the Freeradius-Users mailing list