proxy fallback?

Alan DeKok aland at deployingradius.com
Thu Jun 21 17:37:58 CEST 2007


Christopher Fournier wrote:
> Using freeradius 1.1.6: I'm trying to establish a sequential auth order,
> but it seems I'm missing the boat on something. The goal is the
> following auth order, in iteration:
> 
> 1) Check for local users in MySQL table
> 2) Proxy the request to another server
> 3) Use the local 'users' file (that is to permit all users, by default)

  It doesn't work that way.  Proxying is really an authentication step,
and the "users" file gets run during the authorization step.  Also, if
the home server returns reject, then that's pretty much it.  You can't
then go accept the user.

  I suggest changing the rules to:

1) check for local users in MySQL
2) if notfound, check for realms A, B, C, D && proxy to another server
3) else accept the user

  Alan DeKok.



More information about the Freeradius-Users mailing list