proxy same realm but different authentication protocol to different server

Bjørn Mork bjorn at mork.no
Fri Jan 29 12:09:21 CET 2010


piston <pistonic at yahoo.com> writes:

> Due some limitation, my partner is using two different server to
> handle different auth-type (PAP / EAP), said server1 only take PAP
> cannot handle EAP, server 2 take EAP cannot handle PAP.
>
> But their user (realm xyz.com), login at my location maybe
> authenticate by PAP or EAP, depending what kind of services they're
> selected.
>
> My challenge is how to proxy the same realm to two different server
> depending on the auth-type.

I think you are missing the fact that you can call the realms whatever
you want when you are using Proxy-To-Realm, completely independent of
the actual user names you are using.  So you can have

realm eap.xyz.com {
..
}
realm pap.xyz.com {
..
}

in proxy.conf and then do 

update {
  Proxy-To-Realm := eap.xyz.com
}

or

update {
  Proxy-To-Realm := pap.xyz.com
}

as appropriate.   Or maybe just let one of them be the default, defining
the xyz.com realm and only update the requests matching the other type.



Bjørn




More information about the Freeradius-Users mailing list