terminating EAP tunnels, proxy and realms
Andreas Liebe
liebe at hrz.tu-darmstadt.de
Mon Jun 25 15:49:13 CEST 2007
Alan,
> > I do not want to terminate the EAP tunnels for the foreign realms, but I
> > have to terminate the local one (@tu-darmstadt.de and NULL) as I have to
> > forward the requests to a set of internal radius servers not capable of
> > speaking EAP.
>
> Set Proxy-To-Realm := LOCAL for the realms you want to terminate
> locally. Make sure that this is done before the "eap" module is run in
> the "authorise" section.
>
> Then, put the following in the "users" file to proxy the inner request
> to another realm:
>
> DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm = oldservers
I've already had these rules in user. The final hint was to set
authhost = LOCAL
in proxy.conf.
Now it works as expected.
Thanks a lot to all who helped, especially to Alan of course!
-Andreas
--
Andreas Liebe/Darmstadt University of Technology/+49 6151 16-3150/3050(FAX)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 185 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070625/88938dde/attachment.pgp>
More information about the Freeradius-Users
mailing list