Radius proxy - kind of
Matija Levec
Matija.Levec at astec.si
Tue Sep 28 12:14:18 CEST 2010
Hi!
I still can't find solution to my problem in documentation so I'll rephrase the question.
Is it possible to proxy requests in a way analogous to bogus example below?
realm example.com {
auth_pool = pool1 {
reject = 1
ok = return
}
auth_pool = pool2 {
reject = 1
ok = return
}
} # Authentication fails only if both pools return reject.
I know documentation says "... It proxies packets ONLY when it receives a packet or a re-transmission from the NAS. If the NAS never re-transmits, the proxy never re-transmits, either."
Can someone at least suggest in what direction to look for solution?
Thank you,
Matija
>>> Matija Levec 24.9.2010 16:24 >>>
Hi everyone!
First a little bit of explaining...
- auth_server 1
client - fr_proxy -[
- auth_server 2
(client=random NAS, fr_proxy=freeradius, auth_server=two-factor auth server(s))
Currently we have clients authenticating directly to auth_server 1.
We would like to gradually (and transparently) move users to new authenticators which use auth_server 2
Question
What I would like to accomplish is: If auth_server 1 returns notfound or reject or fail, proxy request to auth_server 2
Is it possible to use 'configurable module fail over'-like syntax for configuring proxy (home)servers?
I hopes this makes sense.
Anyway... all ideas appreciated!
Regards,
Matija
More information about the Freeradius-Users
mailing list