proxy-to-realm versus using a suffix

Chris Fruehwirth cfruehwi at nd.edu
Wed Jul 9 04:40:19 CEST 2008 

Alan DeKok wrote:
> Chris Fruehwirth wrote:
>   
>> Here is my update from testing with different versions. I tried to test
>> the same scenario with 2.0.5 and got the same failed results. Then I
>> went back to 1.1.7 and it worked.
>>     
>
>   Read the debug output to see where the differences are.
>
>   
I will review and post them tomorrow.
>> I would like to add the realm name to specific RADIUS traffic either by
>> IP address, EAP type or NAS-Port-Type.
>>     
>
>   Why "add realm name"?  Why not just "proxy traffic"?   The two
> statements are *very* different.
>   
I just want to proxy traffic. I got a little confused reviewing Ivan's 
reply.

>   On top of that, you *can't* proxy by EAP type.  The server recommends
> an EAP type... which means that by the time an EAP type is selected, the
> EAP session has already started.  You can't switch an EAP session from
> one server to another.
>
>   
Good to know.
>> I was thinking of doing something like this below in the users file.
>>
>> DEFAULT EAP-Type == PEAP, Proxy-To-Realm := "SW"
>>     
>
>   That won't work.  Ever.
>
>   
>> DEFAULT NAS-Port-Type == Wireless-802.11, Proxy-To-Realm := "SW"
>>     
>
>   If your NAS sends that NAS-Port-Type, it should work.
>
>   
>> DEFAULT Huntgroup-Name == Wirelesscontrollers,  Proxy-To-Realm := "SW"
>>     
>
>   That should work, too.
>
>   
>> If there is a better way to do this in 2.0.4-5, please let me know.
>>     
>
>   It SHOULD work.  If it doesn't, read the FAQ for "it doesn't work".
>
>   i.e. You've posted configurations that you think *might* work.  You've
>  also said that you tried *other* configurations (not posted) that
> didn't work.  How do you expect anyone to help you when you don't say
> what you're doing, and you don't say what happened?
>
>   
I thought I sent my debug to the list earlier, again apparently not. I 
do appreciate the help. I try to make it a little easier next time.

Thanks,

Chris
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list