Adam Bultman wrote:
I have an existing proxy realm like this:
realm proxydomain.com { type = radius authhost = x.x.x.x:1812 accthost = x.x.x.x:1813
In version 2, you should use the "home_server" directive. See raddb/proxy.conf. This *is* documented.
I am trying to set up a new proxy realm, which is a different domain name, but uses the same authhost and accthost, but a new shared secret:
This is *impossible* to do in RADIUS. By that, I mean *impossible*. The client sends packets to the server. The server looks up the shared secret by client IP. It is *impossible* to have two shared secrets for one client IP.
The authhost and accthost are reached via a VPN, and they are a "clearing house" of sorts - they proxy authentication and accounting for multiple companies (not just the one I'm worrying about).
So... list the shared secret for the *proxy*, not for the upstream servers.
Is it not possible to have unique shared secrets for unique realms, proxied to the same auth and acct hosts?
RADIUS doesn't work like that. It's impossible. Alan DeKok.