ldap authorization request in a post_proxy section?
tnt at kalik.net
tnt at kalik.net
Tue Nov 4 17:52:15 CET 2008
> How should i call the ldap module in the post_proxy section (in
>Freeradius v1 or v2...)?
>
> It should perhaps be easier to ask a single question rather than in my
>long request posted yesterday...;o)
>
> In Freeradius v1, i can merge in an access-accept response radius
>attribute to a proxy reply.
>
>radiusd.conf
>------------
>....
>authorize {
> ...
> suffix
> ldap
> ...
>}
>
>post_proxy {
> eap
>}
>....
>
>proxy.conf
>----------
>proxy server {
> ...
>#
># Older versions of the server would pass proxy requests through the
># 'authorize' sections twice; once when the packet was received
># from the NAS, and again after the reply was received from the home
># server. Now that we have a 'post_proxy' section, the replies from
># the home server should be sent through that, instead of through
># the 'authorize' section again.
>#
># However, for backwards compatibility, this behaviour is configurable.
># The default configuration is 'yes', for backwards compatibility.
># To use ONLY the new 'post_proxy' section, set this value to 'no'.
>#
> post_proxy_authorize = yes
> ...
>}
>
>realm otp {
> type = radius
> authhost = myproxyradius:1812
> secret = xxxxxxx
>}
>
>
>And it works because it parses twice the authorization section (as i
>seemed to understand, sorry i'm french ;o))...a thing that doesn't
>happen in v2.x...
>
I think you should list authorize.ldap to execute ldap from authorize
section.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list