How not to proxy?
Leighton Man
l.j.man at hud.ac.uk
Fri Dec 18 13:51:00 CET 2009
>something like Proxy-To-Realm := LOCAL
>
>This is documentented in a comment just before the "realm LOCAL"
>definition in the default proxy.conf.
Thanks for the guidance. If anyone is interested the construct below seems to work a treat.
Leighton
if((request:NAS-Port-Type == Virtual || request:NAS-Port-Type == Async)&& ..more conditions to define the NAS...){
update control {
Proxy-To-Realm := LOCAL
}
if(ldap_staff-Ldap-Group == correctADgroup){
update control {
Auth-Type := "ntlm_auth"
}
update reply {
cisco-avpair = shell:priv-lvl=15
}
}
}
---
This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.
More information about the Freeradius-Users
mailing list