Proxying both EAP and non-EAP requests for the same realm to different servers.
Stefan.Neis at t-online.de
Stefan.Neis at t-online.de
Thu Jul 21 17:47:37 CEST 2005
Hi,
> I want to proxy requests to different servers, based on their
> authentication type - though they belong to the same realm.
>
> How do I make EAP request for a realm go to one server and
> non-EAP requests for the same realm go to another server?
I think you could try to proxy every paket which is not yet known to be
of an EAP authentication type and which doesn't contain an EAP-Message
attribute to one server and everything that remains to the other one,
e.g. with such entries in the users file:
DEFAULT Auth-Type != EAP, EAP-Message !* ANY, Proxy-To-Realm :=
NON-EAP-Server
DEFAULT Proxy-To-Realm:=EAP-Server
If you want to not only have two servers but two servers per realm for
several realms, maybe something like this could work:
DEFAULT Auth-Type != EAP, EAP-Message !* ANY, Realm=foo,Proxy-To-Realm
:= NON-EAP-Server_for_foo
DEFAULT Realm=foo, Proxy-To-Realm:=EAP-Server_for_foo
Of course, you'd need to configure the additional realms
NON-EAP-Server[_for_foo] and EAP-Server[_for_foo].
HTH,
Stefan
More information about the Freeradius-Users
mailing list