How to proxy only any type of requests

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Nov 14 19:22:21 CET 2011


Hi,

> I a newbie freeradius user and I have a new problem. I have a switch
> that send auth request to a FreeRadius. I need that if the auth
> request if for a windows user (for example user NTCETEMMSA\guillem)
> resend the request to a windows nps server, but, if the auth request
> is a MAC address  (for example 00-24-54-3E-04-5A/NOPASSWORD), the FR
> use the users file for auth this.
> 
> The problem is that the FR always auth only with users file or always
> auth only with the windows nps server.

you just need to deal with the REALM component...many ways to
do this...but I would personally use unlang...  eg in your 
virtual-server configuration, in authorize, put

if("%{User-Name}" =~ /\\/i) {
	update control {
		Proxy-To-Realm := 'nps'
		}
	}

then, add 'nps' to your proxy.conf file as you have DEFAULT

you could also add another check for if its MAC if you want belt-and-braces
(check for the correct MAC format and then sent to local or null realm.)

> This is my proxy.conf server:
> 
> realm LOCAL {
> }
> 
> realm NULL {
>         type=LOCAL
>         nostrip

you dont need those 2 entriess....remove LOCAL and remove nostrip

> And my users fils:
> 
> "00-24-54-3E-04-5A" Auth-Type := "Local", User-Password = "NOPASSWORD"
                      ^^^^^^^^^^^^^^^^^^^^^

you dont need Auth-Type. the server has intelligence.

you certainly dont want User-Password. it should read

Cleartext-Password := "NOPASSWORD"


alan



More information about the Freeradius-Users mailing list