<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>Hi Alan,<br><br>Please find the configuration in the users file &
proxy.conf file. Please let me know if I am missing something or have done a wrong configuration to achieve my objective.<br><br>Radiusd.conf file:</div></blockquote><div><br> modules {<br> pap {<br> encryption_scheme = clear
<br> }<br><br> chap {<br> authtype = CHAP<br> }<br><br> pam {<br> pam_auth = radiusd<br> }<br><br> unix {<br> cache = no<br> cache_reload = 600<br> radwtmp = /var/log/radius/radwtmp
<br> }<br><br> mschap {<br> authtype = MS-CHAP<br> #use_mppe = no<br> #require_encryption = yes<br> #require_strong = yes<br> #with_ntdomain_hack = no<br> }<br><br> ldap ldap_primary {
<br> server = 1.1.1.1<br> port = 1234<br> identity = "kjd"<br> password = sdkjf<br> basedn = sdjkf<br> filter = "kjgf"<br> start_tls = no
<br> access_attr = "dialupacces"<br> dictionary_mapping = ${raddbdir}/ldap.attrmap<br> ldap_connections_number = 5<br> #password_header = "{SHA}"<br> password_attribute = fdsjk
<br> groupname_attribute = dj<br> groupmembership_filter = "kjf"<br> groupmembership_attribute = jkl<br> timeout = 4<br> timelimit = 3<br> net_timeout = 1<br> access_attr_used_for_allow = no
<br> }<br><br> ldap ldap_secondary {<br> server = 2.2.2.2<br> port = 1234<br> identity = "kjd"<br> password = sdkjf<br> basedn = sdjkf<br> filter = "kjgf"
<br> start_tls = no<br> access_attr = "dialupacces"<br> dictionary_mapping = ${raddbdir}/ldap.attrmap<br> ldap_connections_number = 5<br> #password_header = "{SHA}"<br>
password_attribute = fdsjk<br> groupname_attribute = dj<br> groupmembership_filter = "kjf"<br> groupmembership_attribute = jkl<br> timeout = 4<br> timelimit = 3<br> net_timeout = 1
<br> access_attr_used_for_allow = no<br> }<br><br> passwd etc_passwd {<br> filename = /var/etc/passwd<br> format = "*User-Name::User-Password"<br> delimiter = :<br> }<br><br>
passwd etc_group {<br> filename = /var/etc/group<br> format = "~Group-Name::*,User-Name"<br> delimiter = :<br> }<br><br> realm suffix_oblic {<br> format = suffix<br> delimiter = /
<br> ignore_default = no<br> ignore_null = no<br> }<br><br> realm prefix_oblic {<br> format = prefix<br> delimiter = /<br> ignore_default = no<br> ignore_null = no<br> }<br>
<br> realm suffix_at {<br> format = suffix<br> delimiter = @<br> ignore_default = no<br> ignore_null = no<br> }<br><br> realm prefix_at {<br> format = prefix<br> delimiter = @
<br> ignore_default = no<br> ignore_null = no<br> }<br><br> realm suffix_percent {<br> format = suffix<br> delimiter = %<br> ignore_default = no<br> ignore_null = no<br> }
<br><br> realm prefix_percent {<br> format = prefix<br> delimiter = %<br> ignore_default = no<br> ignore_null = no<br> }<br><br> checkval {<br> item-name = Calling-Station-Id<br>
check-name = Calling-Station-Id<br> data-type = string<br> #notfound-reject = no<br> }<br><br> preprocess {<br> huntgroups = ${confdir}/huntgroups<br> hints = ${confdir}/hints
<br> with_ascend_hack = no<br> ascend_channels_per_line = 23<br> with_ntdomain_hack = no<br> with_specialix_jetstream_hack = no<br> with_cisco_vsa_hack = no<br> }<br><br> files {<br>
usersfile = ${confdir}/users<br> acctusersfile = ${confdir}/acct_users<br> compat = no<br> }<br> ..<br> ..<br>}<br><br>instantiate {<br> #exec<br> #expr<br> ldap_primary<br> ldap_secondary
<br>}<br><br>authorize {<br> preprocess<br> #etc_passwd<br> #etc_group<br> chap<br> mschap<br> suffix_oblic<br> prefix_oblic<br> suffix_at<br> prefix_at<br> suffix_percent<br> prefix_percent
<br> files<br> redundant {<br> ldap_primary<br> ldap_secondary<br> }<br> eap<br>}<br><br>authenticate {<br> Auth-Type PAP {<br> pap<br> }<br><br> Auth-Type CHAP {<br> chap
<br> }<br><br> Auth-Type MS-CHAP {<br> mschap<br> }<br><br> Auth-Type LDAP {<br> redundant {<br> ldap_primary<br> ldap_secondary<br> }<br> }<br><br> #unix<br> eap
<br>}<br><br>post-auth {<br>}<br><br>pre-proxy {<br>}<br><br>post-proxy {<br> eap<br>}<br><br><br>Users file:<br>--------------<br># primary ldap group policy configuration<br><br># WLAN Allow policy for the groups <br>
DEFAULT ldap_primary-Ldap-Group == "sales",VSA-Attr-4 =~ "1",Login-Time := "Any0000-2359"<br> Tunnel-Type = 13,<br> Tunnel-Medium-Type = 6,<br> Tunnel-Private-Group-Id = 1<br>DEFAULT ldap_primary-Ldap-Group == "marketting",VSA-Attr-4 =~ "2",Login-Time := "Any0000-2359"
<br> Tunnel-Type = 13,<br> Tunnel-Medium-Type = 6,<br> Tunnel-Private-Group-Id = 10<br><br># WLAN Deny policy for the groups <br>DEFAULT ldap_primary-Ldap-Group == "sales",VSA-Attr-4 =~ "2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32",Auth-Type:=Reject
<br>DEFAULT ldap_primary-Ldap-Group == "marketting",VSA-Attr-4 =~ "1|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32",Auth-Type:=Reject<br># secondary ldap group policy configuration
<br><br># WLAN Allow policy for the groups <br>DEFAULT ldap_secondary-Ldap-Group == "sales",VSA-Attr-4 =~ "1",Login-Time := "Any0000-2359"<br> Tunnel-Type = 13,<br> Tunnel-Medium-Type = 6,
<br> Tunnel-Private-Group-Id = 1<br>DEFAULT ldap_secondary-Ldap-Group == "marketting",VSA-Attr-4 =~ "2",Login-Time := "Any0000-2359"<br> Tunnel-Type = 13,<br> Tunnel-Medium-Type = 6,
<br> Tunnel-Private-Group-Id = 10<br><br># WLAN Deny policy for the groups <br>DEFAULT ldap_secondary-Ldap-Group == "sales",VSA-Attr-4 =~ "2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32",Auth-Type:=Reject
<br>DEFAULT ldap_secondary-Ldap-Group == "marketting",VSA-Attr-4 =~ "1|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32",Auth-Type:=Reject<br><br>anonymous<br><br>Anonymous
<br><br>DEFAULT Realm != "NULL"<br><br>DEFAULT Auth-Type := Reject<br><br>Proxy.conf file<br>---------------------<br>proxy server {<br> synchronous = no<br> retry_delay = 5<br> retry_count = 3<br>
dead_time = 120<br> default_fallback = yes<br> post_proxy_authorize = no<br>}<br><br>realm user\@myorg\.com {<br> authhost = 192.168.2.2:1812<br> accthost = 192.168.2.2:1813<br> secret = symbol123<br> nostrip<br>}<br><br>The request was proxied to 192.168.2.2, but it still tries to connect to ldap_primary.<br><br>Please correct me if I'm doing any wrong configuration.
<br></div><br>Thanks.<br><div><br> <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><span class="e" id="q_10c8c74e29237b6c_1">
<div><span class="gmail_quote">
On 7/19/06, <b class="gmail_sendername">Alan DeKok</b> <<a href="mailto:aland@nitros9.org" title="mailto:aland@nitros9.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">aland@nitros9.org</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
"sumi thra" <<a href="mailto:sumi.techno@gmail.com" title="mailto:sumi.techno@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">sumi.techno@gmail.com</a>> wrote:<br>> What you are saying is correct. But, I want to proxy the request for some users
<br>> and for others I still want to use ldap .. in that case the users file will
<br>> have the policy for using LDAP & the proxy.conf file will have the realms<br>> configured.<br><br> That's pretty trivial to do.<br><br>> When the server finds a matching realm, why is it trying to do ldap
<br>> authentication? i.e., why is the users policy getting applied?<br><br> Because you told it to.<br><br> Read the debug log. It *will* tell you what's going on.<br><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See
<a href="http://www.freeradius.org/list/users.html" title="http://www.freeradius.org/list/users.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.freeradius.org/list/users.html</a><br>
</blockquote></div><br>
</span></div></blockquote></div><br>
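As an added example that is not part of the thread and not FreeRADIUS code, here is a small Python model of how the users file above is walked, to show why every DEFAULT entry carrying an Ldap-Group check item makes the ldap module run even for a request the realm module has already marked for proxying. The entry order, the group membership, the request attributes and the matching rules are constructed simplifications (assumed, not taken from the server source).

```python
# Added example, not code from the thread or from FreeRADIUS itself.
# Model assumptions: entries are tried in file order; a ':=' check item
# always matches because it only sets a value; a check on an attribute the
# request lacks fails; an entry without Fall-Through = Yes ends the walk
# (no posted entry sets Fall-Through).

# Check items reduced from the posted users file, in the posted order.
ORIGINAL_ORDER = [
    [("ldap_primary-Ldap-Group", "==", "sales"), ("Login-Time", ":=", "Any0000-2359")],
    [("ldap_primary-Ldap-Group", "==", "marketting"), ("Login-Time", ":=", "Any0000-2359")],
    [("ldap_primary-Ldap-Group", "==", "sales"), ("Auth-Type", ":=", "Reject")],
    [("Realm", "!=", "NULL")],          # the entry meant to pass realm users through
    [("Auth-Type", ":=", "Reject")],
]
# The same entries with the Realm entry moved to the top.
REALM_FIRST_ORDER = [ORIGINAL_ORDER[3]] + ORIGINAL_ORDER[:3] + ORIGINAL_ORDER[4:]

# Constructed group membership standing in for the LDAP directory.
GROUPS = {"bob": {"sales"}, "alice": {"marketting"}}


def walk_users(entries, request):
    """Return (index of the entry that matched, number of LDAP group lookups)."""
    lookups = 0
    for idx, checks in enumerate(entries):
        matched = True
        for attr, op, value in checks:
            if op == ":=":
                continue                  # set operator: always matches
            if attr.endswith("-Ldap-Group"):
                lookups += 1              # this compare is answered by rlm_ldap
                have = value in GROUPS.get(request["User-Name"], set())
            elif attr in request:
                have = request[attr] == value
            else:
                matched = False           # nothing to compare against
                break
            if have != (op == "=="):
                matched = False
                break
        if matched:
            return idx, lookups
    return None, lookups


# Constructed requests: a local user, and one carrying a proxied realm.
LOCAL = {"User-Name": "bob"}
PROXIED = {"User-Name": "carol@myorg.com", "Realm": "myorg.com"}
```

With the posted order the proxied request triggers three LDAP group lookups before it reaches the Realm entry; with the Realm entry first it triggers none, while the local user is still checked against LDAP. The ldap instances listed directly in the authorize section run on every request as well, so the users file is only part of the picture.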