authorize and authenticate in proxy
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jan 22 12:10:06 CET 2007
Ana Gallardo Gómez wrote:
> Hello!
>
> I want to use Freeradius as a proxy Radius server, and I think that my
> Freeradius don´t have to do authorize and authenticate: my Freeradius
> have to proccess request with realm "@unex.es", the others request have
> to be proxyed. My configuration is:
>
> radiusd.conf:
>
> authorize {
> preprocess
> suffix
> files
> Autz-Type LDAP_UNEX_ES{
> ldap_unex_es
> }
> mschap
> eap
> }
>
>
> authenticate {
> ldap_unex_es
> Auth-Type MS-CHAP {
> mschap
> }
> eap
> }
>
> users:
>
> DEFAULT Autz-Type = "LDAP_UNEX_ES"
>
> proxy.conf:
>
> realm unex.es <http://unex.es/> {
> type = radius
> authhost = LOCAL
> accthost = LOCAL
> }
>
> realm NULL {
> type = radius
> authhost = LOCAL
> accthost = LOCAL
> }
>
> realm DEFAULT {
> type = radius
> authhost = other_server_1
> accthost = LOCAL
> secret = ******
> nostrip
> }
>
> realm DEFAULT {
> type = radius
> authhost = other_server_2 <http://radius2.rediris.es:1812/>
> accthost = LOCAL
> secret = ******
> nostrip
> }
>
> - I want to define two instances of "realm DEFAULT", in case one of then
> fails. It is posible?
Yes. See the comments at the top of proxy.conf
> - Have my freeradius to do authorize and autheticate when request have
> to be proxyed?
No. You're almost there
> - I think that in users file I have to distinguish between request with
> realm "@unex.es" to set Autz-Type = "LDAP_UNEX_ES" and the others...
Yes you do. Try this in the "users" file:
DEFAULT Realm == "DEFAULT"
Fall-Through = No
DEFAULT Autz-Type := "LDAP_UNEX_ES"
>
> I´m lost with proxy... I need help. Thank you.
You've almost got it. Let us know if you have any problems.
>
>
> Sorry for my english.
Your english is great.
More information about the Freeradius-Users
mailing list