canceling/redirecting realm in pre-proxy ?

Robert Roll Robert.Roll at utah.edu
Fri Oct 7 17:01:43 CEST 2011


Below is my pre-proxy paragraph.. Below that is some output..
It just continues to loop..

It looks like the the test is working..
I don't know if it is meaningful or not, but..

+++[control] returns noop

Does this mean it did NOT set the value local in Proxy-To-Realm ?

Thanks,

Robert



pre-proxy {

   if( "%{Packet-Src-IP-Address}" == '160.36.188.8' ) {
      update control {
              Proxy-To-Realm := 'local'
	  }
   }

}


# Executing section pre-proxy from file /opt/Radius/freeradius/Configs/BackEnd/etc/raddb/proxy.conf
+- entering group pre-proxy {...}
++? if ("%{Packet-Src-IP-Address}" == '160.36.188.8' )
	expand: %{Packet-Src-IP-Address} -> 160.36.188.8
? Evaluating ("%{Packet-Src-IP-Address}" == '160.36.188.8' ) -> TRUE
++? if ("%{Packet-Src-IP-Address}" == '160.36.188.8' ) -> TRUE
++- entering if ("%{Packet-Src-IP-Address}" == '160.36.188.8' ) {...}
+++[control] returns noop
++- if ("%{Packet-Src-IP-Address}" == '160.36.188.8' ) returns noop

________________________________________
From: freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org [freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org] On Behalf Of Fajar A. Nugraha [list at fajar.net]
Sent: Friday, October 07, 2011 8:41 AM
To: FreeRadius users mailing list
Subject: Re: canceling/redirecting realm in pre-proxy ?

On Fri, Oct 7, 2011 at 8:28 PM, Robert Roll <Robert.Roll at utah.edu> wrote:
> Good thought, but it doesn't seem to do the trick, but thanks..

Really? Where did you put it, in authorize?
It should work in pre-proxy

>
>>Why don't you just avoid starting the proxy in the first place...
>
>  I want to actually proxy to a remote server, but they might send it back for further authentication..
> I need to detect and handle that, otherwise there would be a loop...

for complex scenarios it might be easier to use rlm_perl, or even rlm_exec.

--
Fajar

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list