Configuring a proxied and local authentication

Alan DeKok aland at ox.org
Fri Dec 2 18:16:46 CET 2005


Samuel Degrande <Samuel.Degrande at lifl.fr> wrote:
> I don't find a way to add a NAS-Identifier value inside the proxied
> request, so that B server could check it...

  That's because the NAS didn't send it.  FreeRADIUS doesn't add one,
so...

> I tried:
> <username> Proxy-To-Realm := <realm>, NAS-Identifier := <id>
> and
> <username> Proxy-To-Realm := <realm>, NAS-Identifier += <id>

  That won't work in the "users" file.  You have to set the
NAS-Identifier in the preproxy_users file.

> How to configure the A server so that if B rejects the request, then
> A will check in a local user base (through pam) ?

  That's a little harder.  The server isn't designed to do that easily.

  Alan DeKok.




More information about the Freeradius-Users mailing list