proxy same realm but different authentication protocol to different server

piston pistonic at yahoo.com
Wed Jan 27 10:39:03 CET 2010


I've try below at the end of authorize section

if (control:Auth-Type := "EAP") {
                        update control {
                       {
                Proxy-To-Realm == "xyz.com"
        }         
realm xyz.com {
type            = radius
authhost        = 123.123.123.1:1812
accthost        = 123.123.123.1:1813
secret          = password
nostrip
}
}

if (control:Auth-Type := "PAP") {
                        update control {
                       {
                Proxy-To-Realm == "xyz.com"
        }         
realm xyz.com {
type            = radius
authhost        = 123.123.123.2:1812
accthost        = 123.123.123.2:1813
secret          = password
nostrip
}
}
 
Got error while startup the freeradius

Error: /etc/freeradius/sites-enabled/default[212]: ERROR: No value given for attribute {
Error: /etc/freeradius/sites-enabled/default[211]: Failed to parse "update" subsection.
Error: /etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.

What is my mistake?


Thanks


KH


----- Original Message ----
From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Fri, December 18, 2009 4:22:39 AM
Subject: Re: proxy same realm but different authentication protocol to different server

Hi,

> Am I possible to do these?
> 
> 1. proxy realm xyz.com (PAP/CHAP) to server#1
> 
> 2. proxy realm xyz.com (PEAP) to server#2

yes, in many varied ways.... you could doa  check of Auth-Type
at the end of the authorise section..and then if realm = xyz.com
update the control to proxy to server1 it its PAP or CHAP
or if its EAP then proxy it to server2 

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


      



More information about the Freeradius-Users mailing list