How to forward a request rejected by a proxy RADIUS server to another LDAP server?

Jian Wang jwang at a10networks.com.cn
Tue Jun 5 11:06:12 CEST 2007


On 6/5/07, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
> Clark J. Wang wrote:
> > I've configured a proxy RADIUS server in `proxy.conf' and an LDAP server
> > in `radiusd.conf' and they work well. I want to forward those requests
> > rejected by the proxy RADIUS server to the LDAP server and
> > re-authenticate them again. Can I do that in FreeRADIUS? And how?
>
> Can't be done.
>
> The main reason it hasn't been implemented is that many Radius auth
> algorithms e.g. EAP involve multiple exchanges. You can't just "break
> into" the middle of a conversation.
>
> In principle it could be done for PAP, and I think CHAP and MS-CHAP. At
> the moment the easiest way would be to use an Exec-Program and radclient
> to issue the request to the proxy, and if it fails do the LDAP.
>
> Frequently when people ask to do this it's because most of their users
> live in a remote server but some live in an LDAP server. If that's the
> case, you can solve the problem other ways.


Thank you very much :-)
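
The workaround Phil Mayers describes above (send the request to the remote server with radclient and, if that fails, do the LDAP check) could look like the following. This is an added example, not code from the thread or from the FreeRADIUS project. It covers PAP only, because it needs the cleartext password; the hostnames, file paths, DN layout and the `Access-Accept` output match are assumptions, and how the calling Exec-Program hook supplies the user name and password is left to the caller.

```shell
#!/bin/sh
# Added example: PAP-only "try the remote RADIUS server, then LDAP" helper.
# Hostnames, paths and DN layout below are assumptions, not values from the thread.
RADIUS_SERVER="${RADIUS_SERVER:-radius.example.org:1812}"
RADIUS_SECRET_FILE="${RADIUS_SECRET_FILE:-/etc/raddb/upstream.secret}"
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.org}"
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=org}"

# Allow only a conservative character set so the name cannot alter the
# radclient attribute list or the LDAP bind DN built from it.
valid_user() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Escape backslash and double quote for radclient's quoted attribute value.
rad_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

try_radius() {  # $1 = user, $2 = cleartext (PAP) password
    # -S keeps the shared secret out of the process list.
    printf 'User-Name = "%s"\nUser-Password = "%s"\n' "$1" "$(rad_escape "$2")" |
        radclient -t 3 -r 1 -S "$RADIUS_SECRET_FILE" "$RADIUS_SERVER" auth 2>/dev/null |
        grep -q 'Access-Accept'   # assumes this radclient prints the packet name
}

try_ldap() {    # $1 = user, $2 = password; simple bind over ldaps
    pwfile=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    printf '%s' "$2" > "$pwfile"      # -y uses the file's exact contents
    ldapwhoami -x -H "$LDAP_URI" -D "uid=$1,$LDAP_BASE" -y "$pwfile" >/dev/null 2>&1
    rc=$?
    rm -f "$pwfile"
    return "$rc"
}

# Returns 0 to accept, 1 to reject.
auth_with_fallback() {
    valid_user "$1" || return 1
    # A simple bind with an empty password is an unauthenticated bind that
    # many LDAP servers accept, so it must never count as a login.
    [ -n "$2" ] || return 1
    try_radius "$1" "$2" && return 0
    try_ldap "$1" "$2"
}
```

A timeout from the remote server is treated the same as a reject here, so an unreachable upstream sends every request to LDAP.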
