[E] Re: Can I conditionally proxy?
Alan DeKok
aland at deployingradius.com
Thu Jun 7 23:32:49 CEST 2018
On Jun 7, 2018, at 5:29 PM, Gary Algier <gary.algier at mavenir.com> wrote:
> realm NULL {
>
> if (%{ad_query:ldap:///?samaccountname?sub?&((samaccountname=%u)(memberof=CN=R-Global-ICT-Remote-Access*))}) {
> auth_pool = mfa_pool
That won't work.
> }
> else {
> auth_pool = tms_pool
> }
> }
>
> I got the following error:
> /etc/raddb/proxy.conf[507]: Invalid location for 'if'
> Errors reading or parsing /etc/raddb/radiusd.conf
>
> I guess one is not allowed to use unlang inside a realm?
No. See "man unlang". You are only allowed to use "unlang" inside of *processing* sections, like "authorize".
> What basic concept am I missing?
Configure two pools && two realms in the "proxy.conf" file. Then, put the "if" statements into the "authorize" section. And the contents of the section should set the destination realm.
Alan DeKok.
More information about the Freeradius-Users
mailing list