Combine Proxy Answer with Local Information
Dan Fisher | Fluidata
DanFisher at fluidata.co.uk
Wed Nov 18 13:39:34 CET 2009
Hi all,
I am wondering if someone will be able to point me in the correct
direction with a setup I am trying to achieve. Basically we are rolling
out a new offering to our customers where we want to have our LAC's
query our radius servers which will then proxy requests on to our
customer's radius servers based on the domain used in the username. I
have got all of the proxy'ing working within radius - nice and easy
following the wiki and instructions - thanks.
My problem is that the response I send to our LAC has to contain extra
information depending on the domain. Is it possible to query a local
mysql database for this extra information (these are cisco av pairs
needed to establish the tunnels between the LAC and LNS) and add it into
the Access-Accept message that is returned to the LAC from the radius?
An example would of what I have at the moment is:
Sending Access-Accept of id 6 to xx.xx.xx.xx port 51274
Framed-IP-Address = 192.168.0.1
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Tunnel-Server-Endpoint:0 = "yy.yy.yy.yy"
And I need it contain 3 extra lines that would be stored locally (in
italics):
Sending Access-Accept of id 6 to xx.xx.xx.xx port 51274
Framed-IP-Address = 192.168.0.1
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Tunnel-Server-Endpoint:0 = "yy.yy.yy.yy"
Tunnel-Type:0 = L2TP
Tunnel-ID=DEFGH
L2TP-Tunnel-Password=ABCDE"
This is currently running on FreeRADIUS Version 2.1.7. I have read the
documentation and the mailing lists but cant seem to find anyone who has
had to do a similar thing.
Kind Regards
Dan Fisher
Technical Manager
get your data flowing ...
DDI: 020 7099 8985
Tel: 0845 868 7848
Fax: 0845 868 7858
danfisher at fluidata.co.uk <mailto:danfisher at fluidata.co.uk>
www.fluidata.co.uk <http://www.fluidata.co.uk/>
This message is intended solely for the use of the individual or
organisation to whom it is addressed. It may contain privileged or
confidential information. If you have received this message in error,
please notify the originator immediately. If you are not the intended
recipient, you should not use, copy, alter, or disclose the contents of
this message. All information or opinions expressed in this message
and/or any attachments are those of the author and are not necessarily
those of Fluidata Ltd. Fluidata accepts no responsibility for loss or
damage arising from its use, including damage from virus.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091118/ee0990c0/attachment.html>
More information about the Freeradius-Users
mailing list