Freeradius Proxy scenario help
David Brierley
david.m.brierley at gmail.com
Wed May 24 11:55:50 CEST 2017
Hi Guys,
Wondeirng if you can help, I have a scenario where I have two servers
running Freeradius, one is setup using MYSQL and is working fine and the
other is doing OTP and is a remote server.
I would like to pass on the Auth part of this to the OTP server.
E.g. if a request comes in to server 1 it will do radcheck against username
only, it will then forward the request on to server two that will have the
same username and then check its password and OTP, The OTP radius server
will send an accept accept ONLY.
The original server running MYSQL will then add the rad reply / radgroup
reply items / AVP's to the reply.
Main reason is I can keep the OTP server as just doing OTP and have
multiple instances of Freeradius setup to essentially point the requests to
the OTP server if they need / Want to.
The original server can then have control of the rad replies to send to the
client (Mainly VPN clients).
It is possible on the OTP server alone however its very messy and to
implement with MYSQL isn't exactly straight forward.
Any pointers on this would be great e.g. how / what I need to look into.
I have had a look at proxying rad requests but from what I can understand
the original server cannot update the reply or if it can where I would do
this.
CHeers !!
More information about the Freeradius-Users
mailing list