piston wrote:
Due some limitation, my partner is using two different server to handle different auth-type (PAP / EAP), said server1 only take PAP cannot handle EAP, server 2 take EAP cannot handle PAP.
But their user (realm xyz.com), login at my location maybe authenticate by PAP or EAP, depending what kind of services they're selected.
Yes...
My challenge is how to proxy the same realm to two different server depending on the auth-type.
Define two realms: PAP.xyc.com, and EAP.xyz.com. These should have the server IPs and secrets for the relevant servers. Then, define a realm xyz.com: realm xyz.com { # NOTHING } In "authorize", *after* the "realms" module, do: if (Realm == "xyz.com") { if (EAP-Message) { update control { Proxy-To-Realm := "EAP.xyz.com" } } else { update control { Proxy-To-Realm := "PAP.xyz.com" } } }