On 6/5/07, <b class="gmail_sendername">Phil Mayers</b> <<a href="mailto:p.mayers@imperial.ac.uk">p.mayers@imperial.ac.uk</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Clark J. Wang wrote:<br>> I've configured a proxy RADIUS server in `proxy.conf' and an LDAP server<br>> in `radiusd.conf' and they work well. I want to forward those requests<br>> rejected by the proxy RADIUS server to the LDAP server and
<br>> re-authenticate them again. Can I do that in FreeRADIUS? And how?<br><br>Can't be done.<br><br>The main reason it hasn't been implemented is that many Radius auth<br>algorithms e.g. EAP involve multiple exchanges. You can't just "break
<br>into" the middle of a conversation.<br><br>In principle it could be done for PAP, and I think CHAP and MS-CHAP. At<br>the moment the easiest way would be to use an Exec-Program and radclient<br>to issue the request to the proxy, and if it fails do the LDAP.
<br><br>Frequently when people ask to do this it's because most of their users<br>live in a remote server but some live in an LDAP server. If that's the<br>case, you can solve the problem other ways.</blockquote><div>
<br>Thank you very much :-) <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">
http://www.freeradius.org/list/users.html</a><br></blockquote></div><br>