[E] Re: Can I conditionally proxy?

Alan DeKok aland at deployingradius.com
Thu Jun 7 23:32:49 CEST 2018

On Jun 7, 2018, at 5:29 PM, Gary Algier <gary.algier at mavenir.com> wrote:
>     realm NULL {
>     if (%{ad_query:ldap:///?samaccountname?sub?&((samaccountname=%u)(memberof=CN=R-Global-ICT-Remote-Access*))}) {
>          auth_pool = mfa_pool

  That won't work.

>     }
>     else {
>           auth_pool = tms_pool
>     }
> }
> I got the following error:
> /etc/raddb/proxy.conf[507]: Invalid location for 'if'
> Errors reading or parsing /etc/raddb/radiusd.conf
> I guess one is not allowed to use unlang inside a realm?

  No.  See "man unlang".  You are only allowed to use "unlang" inside of *processing* sections, like "authorize".

> What basic concept am I missing?

  Configure two pools && two realms in the "proxy.conf" file.  Then, put the "if" statements into the "authorize" section.  And the contents of the section should set the destination realm.

  Alan DeKok.

More information about the Freeradius-Users mailing list