Virtual server by client data
Fajar A. Nugraha
list at fajar.net
Wed Aug 29 11:15:14 CEST 2012
On Wed, Aug 29, 2012 at 3:46 PM, BILLOT
<emmanuel.billot at ac-orleans-tours.fr> wrote:
>> (2) If the request is plain PAP/MSCHAP, you should be able to tell the
>> default virtual server to proxy it to another virtual server using
>> unlang and Proxy-To-Realm
>
> It is. (EAP/TTLS with PAP) I can't see what you mean here.
proxy.conf says
# If you specify a virtual_server here, then requests
# will be proxied internally to that virtual server.
# These requests CANNOT be proxied again, however.
I'm not sure if EAP/TTLS's use of inner-tunnel qualifies as "proxied
again". I assume it is.
I might be wrong though, in which case you can try
if ( check_whatever_attribute_your_NAS_sends_that_contains_client_VLAN ) {
update control {
Proxy-To-Realm := "realm_of_the_virtual_server"
}
}
>
>> (3) use the same virtual server, but do selective processing (with
>> unlang) based on some attributes that the NAS sends. e.g. if an
>> attribute has value A, call module sql1, while if the value is B, call
>> module sql2.
>
> This is a way but i'd like to use 2 differents config (config should change
> in futur for each vlan)
IMHO this is the best method, which should be sufficient for most needs.
--
Fajar
More information about the Freeradius-Users
mailing list