preproxy_users doesn't filter attributes
Alan DeKok
aland at deployingradius.com
Mon Jul 7 17:24:56 CEST 2008
Michael da Silva Pereira wrote:
> There is no clear way to separate between which requests (from or to
> home servers/post-proxy or pre-proxy).
Huh? What do you mean by that?
The pre-proxy section is processed before the request is sent to the
home server. The post-proxy section is processed when the reply is
received from the home server.
This is documented.
> So I tried this with success:
>
> Add this to the radiusd.conf, I added this under the "attr_filter {"
> line, which is part of the "Modules" section in the config file.
> attr_filter preproxy_attrfilter {
> attrsfile = ${confdir}/preproxy_attrfilter
> }
There's already a sample pre-proxy configuration for the attrfilter
module. Why is it necessary to create another one?
> Then under the pre-proxy section before the "files" line add a line
> "preproxy_attrfilter", Or before any custom auth stuff you have in
> there. (example:)
> pre-proxy {
> preproxy_attrfilter
There's already a sample pre-proxy configuration for the attrfilter
module in the "pre-proxy" section. Why is it necessary to create
another one?
> Then add the filters into the file preproxy_attrfilter in
> /etc/freeradius or whatever your config directory is called.
There's already a file raddb/attrs.preproxy. Why is it necessary to
create another one?
Is there something about the existing documentation that isn't sufficient?
Alan DeKok.
More information about the Freeradius-Users
mailing list