On Mon, 5 Nov 2001, Morgan M wrote:
>
> Hi everyone,
>
> Is it possible to forward authentication packets based
> on different DEFAULT realm? What I exactly want to do
> is some sort of roaming support for my users.
>
> I have an entry as DEFAULT in proxy.conf:
>
> real DEFAULT {
> type = radius
> authhost = server1.domain.com:1812
> accthost = server1.domain.com:1813
> secret = secretkey
> }
>
> Now what I want is to check whether a user belongs to
> the unix group 100 or not, if yes then forward him to
> diffrent realm for authentication and accounting.
>
> Does the USERS file get checked before the proxy.conf
> file or after?
>
> Thanks in advance.
>
>grep 100 /etc/group
users:x:100:
>
I think you could do something like this in the users file (I pressume you are
using rlm_unix for user/group information):
DEFAULT Group == "users", Proxy-To-Realm := "realm2"
--
kkalev
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
