Hi,
if (domain is local AND authenticating from a local NAS) then authenticate locally by proxy to Bradford Campus Manager (Campus Manager will receive the stripped user@realm as user and proxy to the local server address) else authenticate and return ACK/NACK to remote server in usual way for one of our users visiting remote site fi
The part I am not sure how to do is the last part, a conditional proxy based on source NAS. I assume I need to dip into unlang, but can I put that into the proxy.conf file?
with 2.x ? just ensure that clients are defined correctly - either by doing as the other post said, or create a new virtual server (copy your current one and rename it eg 'eduroam' and then define the proxies as being handled by that server ie internal stuff -> [RADIUS server {default/inner}] -> return attributes etc external stuff -> [RADIUS server {eduroam/inner}] -> no return attributes etc look at the virtual_server definition in the clients.conf - that says, basically, for any request from that client, slap it through that virtual server. this means you can actually have a very stripped down virtual server... no need for anything wierd...anything coming from the proxies will be solely for you (because the proxy has done the realm work already and decided on suitable target) and you dont need to deal with settings VLANs etc. the only thing you may want in place is an authorise section to deal with people who cannot remotely authenticate - eg they've broken AUP or are infected with virus/reported as bad etc alan