proxy same realm but different authentication protocol to different server
Alan DeKok
aland at deployingradius.com
Fri Jan 29 12:49:59 CET 2010
piston wrote:
> Due some limitation, my partner is using two different server to handle different auth-type (PAP / EAP), said server1 only take PAP cannot handle EAP, server 2 take EAP cannot handle PAP.
>
> But their user (realm xyz.com), login at my location maybe authenticate by PAP or EAP, depending what kind of services they're selected.
Yes...
> My challenge is how to proxy the same realm to two different server depending on the auth-type.
Define two realms: PAP.xyc.com, and EAP.xyz.com. These should have
the server IPs and secrets for the relevant servers.
Then, define a realm xyz.com:
realm xyz.com {
# NOTHING
}
In "authorize", *after* the "realms" module, do:
if (Realm == "xyz.com") {
if (EAP-Message) {
update control {
Proxy-To-Realm := "EAP.xyz.com"
}
}
else {
update control {
Proxy-To-Realm := "PAP.xyz.com"
}
}
}
More information about the Freeradius-Users
mailing list