How to proxy only any type of requests
IT Support
support at cetemmsa.com
Wed Nov 16 16:36:51 CET 2011
Thanks a LOT Alan for your answer.
The radius works very well. It auths the MAC's locally and resend the
windows domains users query to a Windows NPS Server.
Toni
2011/11/14 Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
>
> Hi,
>
> > I a newbie freeradius user and I have a new problem. I have a switch
> > that send auth request to a FreeRadius. I need that if the auth
> > request if for a windows user (for example user NTCETEMMSA\guillem)
> > resend the request to a windows nps server, but, if the auth request
> > is a MAC address (for example 00-24-54-3E-04-5A/NOPASSWORD), the FR
> > use the users file for auth this.
> >
> > The problem is that the FR always auth only with users file or always
> > auth only with the windows nps server.
>
> you just need to deal with the REALM component...many ways to
> do this...but I would personally use unlang... eg in your
> virtual-server configuration, in authorize, put
>
> if("%{User-Name}" =~ /\\/i) {
> update control {
> Proxy-To-Realm := 'nps'
> }
> }
>
> then, add 'nps' to your proxy.conf file as you have DEFAULT
>
> you could also add another check for if its MAC if you want belt-and-braces
> (check for the correct MAC format and then sent to local or null realm.)
>
> > This is my proxy.conf server:
> >
> > realm LOCAL {
> > }
> >
> > realm NULL {
> > type=LOCAL
> > nostrip
>
> you dont need those 2 entriess....remove LOCAL and remove nostrip
>
> > And my users fils:
> >
> > "00-24-54-3E-04-5A" Auth-Type := "Local", User-Password = "NOPASSWORD"
> ^^^^^^^^^^^^^^^^^^^^^
>
> you dont need Auth-Type. the server has intelligence.
>
> you certainly dont want User-Password. it should read
>
> Cleartext-Password := "NOPASSWORD"
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list