Proxying both EAP and non-EAP requests for the same realm to different servers.

Stefan.Neis at Stefan.Neis at
Thu Jul 21 17:47:37 CEST 2005


> I want to proxy requests to different servers, based on their
> authentication type - though they belong to the same realm.
> How do I make EAP request for a realm go to one server and
> non-EAP requests for the same realm go to another server?

I think you could try to proxy every paket which is not yet known to be
of an EAP authentication type and which doesn't contain an EAP-Message
attribute to one server and everything that remains to the other one,
e.g. with such entries in the users file:

DEFAULT Auth-Type != EAP, EAP-Message !* ANY, Proxy-To-Realm :=
DEFAULT Proxy-To-Realm:=EAP-Server

If you want to not only have two servers but two servers per realm for
several realms, maybe something like this could work:
DEFAULT Auth-Type != EAP, EAP-Message !* ANY, Realm=foo,Proxy-To-Realm
:= NON-EAP-Server_for_foo

DEFAULT Realm=foo, Proxy-To-Realm:=EAP-Server_for_foo

Of course, you'd need to configure the additional  realms
NON-EAP-Server[_for_foo] and EAP-Server[_for_foo].


More information about the Freeradius-Users mailing list