Proxy help
David Mitchell
mitchell at ucar.edu
Wed Jul 2 17:06:04 CEST 2008
Ivan Kalik wrote:
>> OK, I think I have this figured out. Does this seem like a reasonable
>> solution? From sites-enabled/default:
>>
>> pre-proxy {
>> # Save our relevant attributes in the 'control' list before
>> # we send our request to the proxy. We will retrieve them later.
>> update control {
>> Service-Type := "%{reply:Service-Type}"
>> Reply-Message := "%{reply:Reply-Message}"
>> }
>> }
>>
>> post-auth {
>> update reply {
>> Service-Type := "%{control:Service-Type}"
>> Reply-Message := "%{control:Reply-Message}"
>> }
>> }
>>
>
> I don't think that you need pre-proxy entries. Service -Type should be
> in the request list, so you can update reply from there. And
> Reply-Message can probably be derived from the Service-Type?
I set those two attributes in the users file based on the group the
username is in and the huntgroup the NAS is in. I tried to find
somewhere I could grab the attributes from, but I couldn't find them
anywhere. My guess is that the users file set them in the reply packet,
but they got overwritten by the response from the proxy? From what I can
tell, when I get the response from the proxy nothing is left in the
reply packet except proxy-state. Is that normal, or possibly a bug?
-David
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu) Network Engineer IV |
| Tel: (303) 497-1845 National Center for |
| FAX: (303) 497-1818 Atmospheric Research |
-----------------------------------------------------------------
More information about the Freeradius-Users
mailing list