Hi,
i have a problem with the Set-Up i have to do. we have two types of costumers (managed and unmanaged). In our Setup we get all access-requests to the same radius server. In this radius Server then we have to decide if we have to proxying the request (unmanaged costumer) or authorize against our LDAP server (unmanaged costumer). The information if the costumer ist managed/unmanaged along with proxy and user information is in the same ldap and i have to query it first for deciding what to do. Is such a setup possible with freeradius?
My specs: Ubuntu 16.04 FreeRADIUS Version 2.2.8 (2.2.8+dfsg-0.1build2 from apt)
The basic setup with authorization/authentication against the ldap is running very well, but the extension with the unmanaged costumers give my head ache. I need help to find the right direction to run.
so you authorize already? if so, what LDAP attribute (group etc) can you use to distinguish the 2 types? just use that as the basis for unlang in authorize {}, just after ldap, you can do eg if (%{LDAP-Group} == "unmanaged"){ update control { Proxy-to-Realm := unmanaged } updated } and then in proxy.cofn set up an 'unmanaged' server group to send the request to. note, none of the above is validated/errer-free/tested, theres probably at least a few syntax errors but it will give you the fundamental idea... alan