"Luis Guido" <[EMAIL PROTECTED]> wrote:
> Thanks for the tip! I'm going to try but this will work only for leaf
> servers and not for proxy servers (that's what I was trying to
> implement).

  Why not?

> The loops that I was trying to prevent are at the Proxy Server level.
> But I guess this is not possible yet right? :(

  I don't see why not.

> There's the rest of the config portion of the Proxy Server (for
> RADIATOR) for some Proxy that knows who authenticates users for Realm1
> and Realm2 and the "generic" handler for proxying the unknown realms.
> The request is "stamped" on the way in with the Identifier value for
> the Client-Identifier variable that can be tested later.

  Ok... so I don't understand why you can't do that with FreeRADIUS.

> On a FreeRADIUS config it would be somewhere in the proxy.conf at the
> Realm entry, I guess....

  In Radiator, home servers to which packets are sent appear to be
listed as "clients", with "identifiers".  FreeRADIUS uses "client"
ONLY to mean machines which send packets to FreeRADIUS.

  The entries in "proxy.conf" are called "realms", and are referred to
by realm name.

> # Everything else (that has some realm) will be forwarded to the TOP SERVER
> <Handler Realm = /^.+$/,Client-Identifier=/^(?!TOPPROXY$)/>

  In FreeRADIUS (in the CVS head), you can do this (I think) in the
"users" file by:

DEFAULT Realm =~ "^.*$", Proxy-To-Realm := `%{0}`

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
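
The loop check discussed in this thread, as an added example that is not part of the original messages and is neither Radiator nor FreeRADIUS code. It models the quoted generic handler (Realm = /^.+$/, Client-Identifier = /^(?!TOPPROXY$)/) and assumes a simplified "first matching handler wins" selection; the handler names and action strings are constructed.

```python
import re

# (name, checks, action). Realm1, Realm2 and TOPPROXY come from the thread;
# the handler names and action strings are constructed for this example.
HANDLERS = [
    ("realm1", {"Realm": r"^Realm1$"}, "proxy:realm1-home"),
    ("realm2", {"Realm": r"^Realm2$"}, "proxy:realm2-home"),
    # Generic handler from the thread: any non-empty realm, unless the
    # request was stamped as having arrived from TOPPROXY.
    ("generic",
     {"Realm": r"^.+$", "Client-Identifier": r"^(?!TOPPROXY$)"},
     "proxy:TOPPROXY"),
]


def stamp(request, client_identifier):
    """Tag an incoming request with the identifier of the client that sent it."""
    stamped = dict(request)
    stamped["Client-Identifier"] = client_identifier
    return stamped


def route(request):
    """Return the action of the first handler whose checks all match.

    Assumption: handlers are tried in order and the first match wins.
    A request that matches no handler is rejected, which is what stops
    an unknown-realm request from bouncing back to the top proxy.
    """
    for _name, checks, action in HANDLERS:
        if all(re.search(rx, request.get(attr, "")) for attr, rx in checks.items()):
            return action
    return "reject"


if __name__ == "__main__":
    # Constructed requests: same unknown realm, different sending client.
    for sender in ("NAS1", "TOPPROXY"):
        req = stamp({"Realm": "example.org"}, sender)
        print(sender, "->", route(req))
```
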
