Proxying based on attribute value
Alan DeKok
aland at ox.org
Tue Mar 28 02:03:21 CEST 2006
Norman Elton <normelton at gmail.com> wrote:
> Looking at the documentation and proxy.conf, I see that FreeRadius
> can do all sorts of proxying based on the username. Can it determine
> the correct proxy server by checking the value (or existence) of a
> particular attribute?
Yes.
DEFAULT Some-Attribute == some-value, Proxy-To-Relm := example.com
> I'd like to forward all PEAP requests to one server, and all other
> requests to another server.
I'm not sure that's possible. EAP does EAP-Identity first, and then
does PEAP in the same session. You could try:
DEFAULT EAP-Type == PEAP, Proxy-To-Realm := example.com
But the other server may get excited that it only saw part of the
PEAP conversation.
You're really better off proxying on some other key.
Alan DeKok.
More information about the Freeradius-Users
mailing list