Proxying Based on Criteria Other Than REALM
Phil Mayers
p.mayers at imperial.ac.uk
Thu Sep 1 16:04:24 CEST 2011
On 01/09/11 14:53, det.explorer at yahoo.com wrote:
>> Hi,
>>
>> Is it possible to proxy based on a group the user belongs to? Or
>> attribute? Or based on NAS from where the request was received?
>>
>> Aside from REALM, is there any other criteria that can be used to
>> decide whether or not to proxy a request?
There are two attributes:
1. "Realm"; added to the request by e.g. the "suffix" module. Doesn't
actually do anything; just used for logging.
2. "Proxy-To-Realm"; added to the "control" items by the "suffix"
module, or by other config. This is what actually controls proxying.
So for example you can do this:
authorize {
...
if (NAS-IP-Address == 192.0.2.1) {
update control {
Proxy-To-Realm := OTHERSERVER
}
}
...
}
As you can see, you can therefore proxy on any attribute you like, or
even on the output of a script, SQL query, etc.
More information about the Freeradius-Users
mailing list