Server switch

Emmanuel BILLOT emmanuel.billot at ac-orleans-tours.fr
Tue Mar 26 14:24:21 CET 2013


> Set up proxy.conf with entries for the right ports, then you
> should be able to do something like (example, untested):
>
> authorize {
>
>    if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
>      update control {
>        Tmp-String-0 := %{1}
>      }
>    }
>    
>    switch "%{Tmp-String-0}" {
>      case 'TEST' {
>         update control {
>            Proxy-To-Realm := testproxy
>         }
>      }
>      case 'WIFI' {
>         update control {
>            Proxy-To-Realm := wifiproxy
>         }
>      }
>      ...
>    }
>
> }
>
> This should work between different servers; I'm not sure if you'll
> hit the "only one internal proxy" limit on one server.
>
> Matthew
>
>
Using a wide filter capture I get:

rad_recv: Access-Request packet from host 172.23.255.199 port 56097, id=53, length=232
         User-Name = "nagios at ac-orleans-tours.fr"
         Calling-Station-Id = "8C-77-12-53-62-0E"
         NAS-IP-Address = 172.23.255.199
         NAS-Port = 16
         Called-Station-Id = "C0-8A-DE-FA-E9-58:WIFI-ACAD"
         Service-Type = Framed-User
         Framed-MTU = 1400
         NAS-Port-Type = Wireless-802.11
         NAS-Identifier = "C0-8A-DE-FA-E9-58"
         Connect-Info = "CONNECT 802.11g/n"
         EAP-Message = 0x0200001f016e6167696f734061632d6f726c65616e732d746f7572732e6672
         Vendor-25053-Attr-3 = 0x574946492d41434144
         Message-Authenticator = 0xc6f0db77bf6435b74051b3b3db278ca3
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++? if (Called-Station-Id =~ /^.*:(.*)$/)
? Evaluating (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE
++? if (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE
++- entering if (Called-Station-Id =~ /^.*:(.*)$/) {...}
+++[control] returns notfound
++- if (Called-Station-Id =~ /^.*:(.*)$/) returns notfound
         expand: %{Tmp-String-0} ->
++- entering switch %{Tmp-String-0} {...}
+++- switch %{Tmp-String-0} returns notfound
++- group authorize returns notfound
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
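
An added example, not part of either poster's message: a Python model of the regex capture and `switch` lookup from the quoted reply, applied to the Called-Station-Id shown in the debug output above. The `REALMS` table and the function names are hypothetical, and `case` is assumed to compare the captured string exactly.

```python
import re

# Patterns as they appear on the page: the one in the quoted reply and the
# one visible in the debug output.
REPLY_RE = re.compile(r"^.*:([a-zA-Z]+)$")
DEBUG_RE = re.compile(r"^.*:(.*)$")

# Hypothetical SSID-to-realm table; realm names reuse those in the quoted reply.
REALMS = {"TEST": "testproxy", "WIFI": "wifiproxy"}


def ssid_suffix(called_station_id, pattern):
    """Return the text captured after the last ':' or None if nothing matches."""
    m = pattern.match(called_station_id)
    return m.group(1) if m else None


def select_realm(called_station_id, pattern, realms=REALMS):
    """Model the switch: exact, case-sensitive lookup of the captured suffix.

    Returns (suffix, realm). realm is None when no case matches, i.e. the
    request would pass through authorize without a proxy decision.
    """
    suffix = ssid_suffix(called_station_id, pattern)
    realm = realms.get(suffix) if suffix is not None else None
    return suffix, realm


if __name__ == "__main__":
    # Constructed inputs, except the first, which is taken from the debug output.
    samples = [
        "C0-8A-DE-FA-E9-58:WIFI-ACAD",   # hyphenated SSID from the debug output
        "C0-8A-DE-FA-E9-58:WIFI",        # SSID that equals a case label
        "C0:8A:DE:FA:E9:58:TEST",        # colon-separated MAC, greedy .* still works
        "C0-8A-DE-FA-E9-58",             # no SSID suffix at all
    ]
    for value in samples:
        for name, pattern in (("reply", REPLY_RE), ("debug", DEBUG_RE)):
            print(f"{value!r:32} {name:5} -> {select_realm(value, pattern)}")
```

The first sample shows two independent mismatches: the letters-only pattern rejects the hyphen in `WIFI-ACAD`, and the wider pattern captures `WIFI-ACAD`, which is not equal to the `WIFI` case label.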
