Ah, I was misunderstanding the proxy functionality. I thought it was only used for proxying radius requests to other radius servers. I was having a problem with configuring the users file. Why will this set Auth-Type: DEFAULT Realm == "realm", Auth-Type := Kerberos And this will not: DEFAULT Realm == "realm" Auth-Type := Kerberos Looking through the examples in the users file, it seems like it should (assuming the examples work): DEFAULT Hint == "SLIP" Framed-Protocol = SLIP From: Alan DeKok <aland@deployingradius.com> Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Date: Tue, 12 Oct 2010 10:28:35 -0400 To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: Defining an Auth-Type based on a realm Mathew Rowley wrote:
My question was more of where that configuration should live. I can see that you can do attribute checks in the users file, but I am not sure the realm is being set to any attribute...
Read the debug output. The realm isn't being set because you didn't define one.
Tue Oct 12 07:38:54 2010 : Info: [suffix] Looking up realm "realm" for User-Name = " user@realm" Tue Oct 12 07:38:54 2010 : Info: [suffix] No such realm "realm"
Well.. that should be pretty obvious.
But I never see an attribute being set to the realm. Do I have to explicitly define that somewhere in order to do a check in the users file? Or, is there a better place to do this check (possibly in an IPASS configuration of suffix configuration)?
See raddb/proxy.conf for documentation on configuring realms. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html