proxy same realm but different authentication protocol to different server
piston
pistonic at yahoo.com
Wed Jan 27 10:39:03 CET 2010
I've try below at the end of authorize section
if (control:Auth-Type := "EAP") {
update control {
{
Proxy-To-Realm == "xyz.com"
}
realm xyz.com {
type = radius
authhost = 123.123.123.1:1812
accthost = 123.123.123.1:1813
secret = password
nostrip
}
}
if (control:Auth-Type := "PAP") {
update control {
{
Proxy-To-Realm == "xyz.com"
}
realm xyz.com {
type = radius
authhost = 123.123.123.2:1812
accthost = 123.123.123.2:1813
secret = password
nostrip
}
}
Got error while startup the freeradius
Error: /etc/freeradius/sites-enabled/default[212]: ERROR: No value given for attribute {
Error: /etc/freeradius/sites-enabled/default[211]: Failed to parse "update" subsection.
Error: /etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.
What is my mistake?
Thanks
KH
----- Original Message ----
From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Fri, December 18, 2009 4:22:39 AM
Subject: Re: proxy same realm but different authentication protocol to different server
Hi,
> Am I possible to do these?
>
> 1. proxy realm xyz.com (PAP/CHAP) to server#1
>
> 2. proxy realm xyz.com (PEAP) to server#2
yes, in many varied ways.... you could doa check of Auth-Type
at the end of the authorise section..and then if realm = xyz.com
update the control to proxy to server1 it its PAP or CHAP
or if its EAP then proxy it to server2
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list