Freeradius-Proxied-To, radrelay and 2.0
Alan Dekok
aland at deployingradius.com
Fri May 25 15:17:36 CEST 2007
Milan Holub wrote:
> ==> my humble attempt to add the backwards compatibility for
> Freeradius-Proxied-To attribute:
In 2.0.0, the "detail" file reader looks for Packet-Src-IP-Address &&
Packet-Dst-IP-Address. The "detail" module needs to write these, too.
Then, the "realm" module needs to be updated to suppress proxying when:
request->packet->src_ipaddr == request->home->ipaddr &&
request->packet->src_port == request->home->port
This makes the FreeRADIUS-Proxied-To attribute (mostly) redundant. It
will work easily for 2 servers. For more than 2, the configuration
should be set up as:
1 -> 2
1 -> 3
2 -> 1
3 -> 1
Requests from '2' will reach '3' through '1', and there's no loop.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list