Client IP Address, Packet-Src-IP-Address
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Wed May 2 12:55:12 CEST 2007
Hi,
Just had a thought.
Currently with internal EAP proxying

    copy_request_to_tunnel = yes
    use_tunneled_reply = yes

mean that when the contents of the EAP packet are proxied internally,
the attributes from the RADIUS packet get copied to the proxy request,
and that the final set of reply attributes is taken directly from the
reply attributes sent back from the internal proxy.

Which means you can use

    DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Autz-Type := "Eap-Internal"

    Autz-Type eap-internal {
        mschap
        # Grab NT-Password from directory for use in MSChap-V2
        ldap
        # Read Authorisation groups from SQL Server
        sql
    }

Which speeds things up a great deal when doing EAP...

Unfortunately this breaks anything which relies on Packet-Src-IP-Address
/ Client-IP-Address, as they will be 127.0.0.1 *sigh*

Can you see any way of getting round this?
Need Client-IP-Address to determine which set of proxies the request is
coming in from...
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900