How to proxy only any type of requests
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Nov 14 19:22:21 CET 2011
Hi,
> I a newbie freeradius user and I have a new problem. I have a switch
> that send auth request to a FreeRadius. I need that if the auth
> request if for a windows user (for example user NTCETEMMSA\guillem)
> resend the request to a windows nps server, but, if the auth request
> is a MAC address (for example 00-24-54-3E-04-5A/NOPASSWORD), the FR
> use the users file for auth this.
>
> The problem is that the FR always auth only with users file or always
> auth only with the windows nps server.
you just need to deal with the REALM component...many ways to
do this...but I would personally use unlang... eg in your
virtual-server configuration, in authorize, put
if("%{User-Name}" =~ /\\/i) {
update control {
Proxy-To-Realm := 'nps'
}
}
then, add 'nps' to your proxy.conf file as you have DEFAULT
you could also add another check for if its MAC if you want belt-and-braces
(check for the correct MAC format and then sent to local or null realm.)
> This is my proxy.conf server:
>
> realm LOCAL {
> }
>
> realm NULL {
> type=LOCAL
> nostrip
you dont need those 2 entriess....remove LOCAL and remove nostrip
> And my users fils:
>
> "00-24-54-3E-04-5A" Auth-Type := "Local", User-Password = "NOPASSWORD"
^^^^^^^^^^^^^^^^^^^^^
you dont need Auth-Type. the server has intelligence.
you certainly dont want User-Password. it should read
Cleartext-Password := "NOPASSWORD"
alan
More information about the Freeradius-Users
mailing list