Can I conditionally proxy?

Nathan Ward lists+freeradius at daork.net
Wed Jun 6 19:44:40 CEST 2018


> On 6/06/2018, at 6:38 PM, Gary Algier <gary.algier at mavenir.com> wrote:
> 
> Hello,
> 
> I have used FreeRADIUS before as a RADIUS server but I now wish to use it as a conditional proxy.
> 
> We have two RADIUS servers that implement 2 factor authentications.   We wish to migrate from the old system to the new system a few users at a time.
> 
> I would like to setup FreeRADIUS to do something like this:
> if (the user is in a particular AD group) {// I can do an LDAP lookup, if necessary
> proxy to the new 2fa system
> }
> else {
> proxy to the old 2fa system
> }
> 
> Can anyone help with examples of some sort of conditional proxying?


Yep, this is trivial.

Figure out how to proxy to a single system and get that working - say to your “old 2fa system", you’ll very quickly see how you can modify that to proxy to different systems. You do basically what you described above, but, different proxy to realm etc.

Maybe read the "Proxying from unlang” bit in the config/Proxy page in the wiki, if that’s not how you’re doing it already I can see why it may not be obvious :-)

--
Nathan Ward




More information about the Freeradius-Users mailing list