Proxying Based on Criteria Other Than REALM
Det Det
det.explorer at yahoo.com
Fri Sep 2 03:05:51 CEST 2011
Hey thanks! :)
________________________________
From: Phil Mayers <p.mayers at imperial.ac.uk>
To: freeradius-users at lists.freeradius.org
Sent: Thursday, September 1, 2011 10:04 PM
Subject: Re: Proxying Based on Criteria Other Than REALM
On 01/09/11 14:53, det.explorer at yahoo.com wrote:
>> Hi,
>>
>> Is it possible to proxy based on a group the user belongs to? Or
>> attribute? Or based on NAS from where the request was received?
>>
>> Aside from REALM, is there any other criteria that can be used to
>> decide whether or not to proxy a request?
There are two attributes:
1. "Realm"; added to the request by e.g. the "suffix" module. Doesn't actually do anything; just used for logging.
2. "Proxy-To-Realm"; added to the "control" items by the "suffix" module, or by other config. This is what actually controls proxying.
So for example you can do this:
authorize {
...
if (NAS-IP-Address == 192.0.2.1) {
update control {
Proxy-To-Realm := OTHERSERVER
}
}
...
}
As you can see, you can therefore proxy on any attribute you like, or even on the output of a script, SQL query, etc.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110901/ec88fc92/attachment.html>
More information about the Freeradius-Users
mailing list