Radius proxy - kind of

Matija Levec Matija.Levec at astec.si
Tue Sep 28 12:14:18 CEST 2010


I still can't find solution to my problem in documentation so I'll rephrase the question.

Is it possible to proxy requests in a way analogous to  bogus example below?

realm example.com {
	auth_pool = pool1 {
		reject = 1
		ok = return
	auth_pool = pool2 {
		reject = 1
		ok = return
}  # Authentication fails only if both pools return reject.

I know documentation says "... It proxies packets ONLY when it receives a packet or a re-transmission from the NAS. If the NAS never re-transmits, the proxy never re-transmits, either."

Can someone at least suggest in what direction to look for solution?

Thank you,

>>> Matija Levec 24.9.2010 16:24 >>>
Hi everyone!

First a little bit of explaining...

		- auth_server 1
client - fr_proxy -[
		- auth_server 2
(client=random NAS, fr_proxy=freeradius, auth_server=two-factor auth server(s))

Currently we have clients authenticating directly to auth_server 1.
We would like to gradually (and transparently) move users to new authenticators which use auth_server 2

What I would like to accomplish is: If auth_server 1 returns notfound or reject or fail, proxy request to  auth_server 2
Is it possible to use 'configurable module fail over'-like syntax for configuring proxy (home)servers?

I hopes this makes sense.
Anyway... all ideas appreciated!


More information about the Freeradius-Users mailing list