Thanks Phil, thanks a lot It worked. I have multiple home servers configured so I am using your logic like this if ("%{User-Name}"=~ /^host\/.*testad1.com$/) { update control { Proxy-To-Realm := "testad1.com" } } elsif ("%{User-Name}"=~ /^host\/.*si-test.dssc.com$/) { update control { Proxy-To-Realm := "si-test.dssc.com" } } Thanks, Chidanand On Thu, Oct 21, 2010 at 1:52 PM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 10/21/2010 08:55 AM, Chidanand Gangur wrote:
I have collected logs for full session of host authentication, log is pasted below.
As mentioned in my previous mail I just want to proxy the host authentication request to the home server, is it possible?
You didn't mention that in your original email.
As I've said - the "host/foo" syntax is NOT an IPASS username. It may have the same format, but you do not want to process it using that realm.
If you want to proxy these requests, I would recommend doing the following:
1. Define the realm you are proxying to in "proxy.conf" 2. In "authorize", do the following:
authorize { ... # N.B do not have the "IPASS", "suffix" or "ntdomain" ... # modules before this point, they'll confuse things
if (User-Name =~ /^host\//) { update control { Proxy-To-Realm := THEREALM } } ... }
...then FreeRadius will do the right thing.
Out of interest, why do you want to proxy them? You are presumably aware that FreeRadius can, if correctly setup, perform the machine authentication itself? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Chidanand Gangur Pune.