Alan DeKok wrote:
Joe Maimon wrote:
So how do I properly ensure that entries I have attached to DEFAULTS for proxied realms in my users file actually get sent? Currently I have the offending code patched out.
What offending code?
I recently had another thought about 2.x: assign virtual servers to realms, too. Those virtual servers would contain only pre-proxy and post-proxy sections.
Doing that will mean that each realm will have its own policies, independent of anything else.
It won't solve the "post-proxy-authorize" issue, but it will solve other problems.
Well it'll certainly make the solution to other problems neater. I have to confess I had assumed the proxy behaviour was to allow reply attributes set in the authorise section to be sent on successful authentication by the home server, and structured my configuration to take advantage of this (as it seemed the logical way for things to work). So I will have to take out that line, which makes testing really annoying. So repeat plea for configuration option to allow the original reply to be combined with the *heavily filtered* reply from server.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900