Set up proxy.conf with entries for the right ports, then you should be able to do something like (example, untested):
authorize {
if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) { update control { Tmp-String-0 := %{1} } }
switch "%{Tmp-String-0}" { case 'TEST' { update control { Proxy-To-Realm := testproxy } } case 'WIFI' { update control { Proxy-To-Realm := wifiproxy } } ... }
}
This should work between different servers; I'm not sure if you'll hit the "only one internal proxy" limit on one server.
Matthew
Using a wide filter capture i get rad_recv: Access-Request packet from host 172.23.255.199 port 56097, id=53, length=232 User-Name = "nagios@ac-orleans-tours.fr" Calling-Station-Id = "8C-77-12-53-62-0E" NAS-IP-Address = 172.23.255.199 NAS-Port = 16 Called-Station-Id = "C0-8A-DE-FA-E9-58:WIFI-ACAD" Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "C0-8A-DE-FA-E9-58" Connect-Info = "CONNECT 802.11g/n" EAP-Message = 0x0200001f016e6167696f734061632d6f726c65616e732d746f7572732e6672 Vendor-25053-Attr-3 = 0x574946492d41434144 Message-Authenticator = 0xc6f0db77bf6435b74051b3b3db278ca3 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++? if (Called-Station-Id =~ /^.*:(.*)$/) ? Evaluating (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE ++? if (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE ++- entering if (Called-Station-Id =~ /^.*:(.*)$/) {...} +++[control] returns notfound ++- if (Called-Station-Id =~ /^.*:(.*)$/) returns notfound expand: %{Tmp-String-0} -> ++- entering switch %{Tmp-String-0} {...} +++- switch %{Tmp-String-0} returns notfound ++- group authorize returns notfound ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject