proxy same realm but different authentication protocol to different server
Bjørn Mork
bjorn at mork.no
Fri Jan 29 12:09:21 CET 2010
piston <pistonic at yahoo.com> writes:
> Due some limitation, my partner is using two different server to
> handle different auth-type (PAP / EAP), said server1 only take PAP
> cannot handle EAP, server 2 take EAP cannot handle PAP.
>
> But their user (realm xyz.com), login at my location maybe
> authenticate by PAP or EAP, depending what kind of services they're
> selected.
>
> My challenge is how to proxy the same realm to two different server
> depending on the auth-type.
I think you are missing the fact that you can call the realms whatever
you want when you are using Proxy-To-Realm, completely independent of
the actual user names you are using. So you can have
realm eap.xyz.com {
..
}
realm pap.xyz.com {
..
}
in proxy.conf and then do
update {
Proxy-To-Realm := eap.xyz.com
}
or
update {
Proxy-To-Realm := pap.xyz.com
}
as appropriate. Or maybe just let one of them be the default, defining
the xyz.com realm and only update the requests matching the other type.
Bjørn
More information about the Freeradius-Users
mailing list