Second stage authrization with proxy
Matthew Newton
matthew at newtoncomputing.co.uk
Tue May 30 21:14:58 CEST 2017
On Tue, May 30, 2017 at 11:07:03AM +0200, Gianluca BaĆ¹ wrote:
> i would like to forward authorization requests to another Freeradius server
> if the user is not present in the local one.
OK
> authorize {
> ......
> if (!notfound) {
That's if "not notfound" - you probably want if (notfound) {
> update control {
> Proxy-To-Realm := "newrealm"
> }
> }
> ......
> }
>
> For me this condition is never matched.
Did you leave the logic as above? Where did you put it in the
config?
As "notfound" is relevant to the previous module that was called,
location matters. e.g. if you're using ldap, put it after your
ldap call, not at the end of the authorize{} section after pap.
> May you help me please? Do you need other technical details?
Well the full output of radiusd -X means we have some sort of
clue as to what is actually going on.
--
Matthew
More information about the Freeradius-Users
mailing list