Proxying Based on Criteria Other Than REALM

Det Det det.explorer at yahoo.com
Fri Sep 2 03:05:51 CEST 2011


Hey thanks! :)



________________________________
From: Phil Mayers <p.mayers at imperial.ac.uk>
To: freeradius-users at lists.freeradius.org
Sent: Thursday, September 1, 2011 10:04 PM
Subject: Re: Proxying Based on Criteria Other Than REALM

On 01/09/11 14:53, det.explorer at yahoo.com wrote:

>> Hi,
>> 
>> Is it possible to proxy based on a group the user belongs to? Or
>> attribute? Or based on NAS from where the request was received?
>> 
>> Aside from REALM, is there any other criteria that can be used to
>> decide whether or not to proxy a request?

There are two attributes:

1. "Realm"; added to the request by e.g. the "suffix" module. Doesn't actually do anything; just used for logging.

2. "Proxy-To-Realm"; added to the "control" items by the "suffix" module, or by other config. This is what actually controls proxying.

So for example you can do this:

authorize {
  ...
  if (NAS-IP-Address == 192.0.2.1) {
    update control {
      Proxy-To-Realm := OTHERSERVER
    }
  }
  ...
}

As you can see, you can therefore proxy on any attribute you like, or even on the output of a script, SQL query, etc.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110901/ec88fc92/attachment.html>


More information about the Freeradius-Users mailing list