choose proxy based on AD

David McPike davidmcpike at
Wed Sep 29 19:49:08 CEST 2010

Excellent!  Thanks, Alan.  I have all my test cases working now except
for one.  I still need to retain the original realm information in the
supplied User-Name.  The old radius server needs it as part of the
username to know which child domain controller to contact for
authentication, otherwise auth fails.

In other words, if I proxy to the old radius server, the username
needs to be realm\user again.

Thanks for any further insight.

On Wed, Sep 29, 2010 at 11:39 AM, Alan DeKok <aland at> wrote:
> David McPike wrote:
>> The problem is that if the user has not been migrated to the new
>> domain I need to retain the supplied realm information and proxy
>> realm\user to the old radius server.
>> What else can I do to accomplish this?
>  update control {
>        Proxy-To-Realm := "foo"
>  }
>  That is *all* that the "realm" module does.  You can do it, too.  If
> you over-write an existing "Proxy-To-Realm" setting, then the old one is
> ignored, and the new one is applied.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list