Deleting reply items before post-proxy

Arran Cudbard-Bell A.Cudbard-Bell at
Sat Sep 1 12:32:24 CEST 2007

Alan DeKok wrote:
> Joe Maimon wrote:
>> So how do I properly ensure that entries I have attached to DEFAULTS for
>> proxied realms in my users file actually get sent? Currently I have the
>> offending code patched out.
>   What offending code?
>   I recently had another thought about 2.x: assign virtual servers to
> realms, too.  Those virtual servers would contain only pre-proxy and
> post-proxy sections.
>   Doing that will mean that each realm will have its own policies,
> independent of anything else.
>   It won't solve the "post-proxy-authorize" issue, but it will solve
> other problems.
Well it'll certainly make the solution to other problems neater.

I have to confess I had assumed the proxy behaviour was to allow reply 
attributes set in the authorise section to be sent on successful 
authentication by the home server, and structured my configuration to 
take advantage of this (as it seemed the logical way for things to work).

So I will have to take out that line, which makes testing really annoying.

So repeat plea for configuration option to allow the original reply to 
be combined with the *heavily filtered* reply from server.

>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

Arran Cudbard-Bell (A.Cudbard-Bell at
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900

More information about the Freeradius-Devel mailing list