Split authorization / authentication
Emmanuel BILLOT
emmanuel.billot at ac-orleans-tours.fr
Wed Jun 13 15:55:05 CEST 2012
Le 13/06/2012 15:48, Alan DeKok a écrit :
> Emmanuel BILLOT wrote:
>> What module should i use to send MAC adresses to another radius server,
>> and getting back ok/nok before testing EAP ?
> That WILL NOT work. The server cannot proxy and also authenticate users.
>
> This is what a database is for. Put the MAC addresses into a
> database, and query that during the authorization phase.
>
>> Using unlang yes, but what directive should i use ? Proxy cannot be one
>> because MAC adresse has no suffix.
> If you're just going to proxy requests, you can proxy them anywhere
> you want, based on any criteria. Just set Proxy-To-Realm, using the
> realm name.
>
> The default is to proxy via domain suffixes. But other methods can
> also be used. There is no requirement for suffixes to be the *only*
> method of proxying.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok, that was what i wanted to be confirmed. Thanks a lot.
Regards,
--
Emmanuel BILLOT
CATEL - Dpt. Système et Réseaux
Rectorat - Académie d'Orléans-Tours
10, rue Molière - 45000 Orléans
Tél : 02 38 79 45 57
More information about the Freeradius-Users
mailing list