Massimiliano Liccardo wrote:

> I'm using FreeRADIUS to proxy different realms to home servers.
> I need to use different rlm_modules for each realm during pre-proxy and
> post-proxy but I cannot realize how to set something like Autz-Type.

I need exactly the same thing as you, and I found a workaround which
doesn't use {Pre,Post}-Proxy-Type.

Put "post_proxy_authorize = yes" in your proxy.conf file. This will
make the request run the authorize section twice: one time when the
request comes from the NAS, and one more time when the request comes
from the realm server.

In the authorize section, it's very important that you execute the
rlm_files module *before* rlm_realm.

authorize       {
                preprocess
                files
                realm

                Autz-Type pre-proxy.foo.net     {
                                                ...
                                                }

                Autz-Type post-proxy.foo.net    {
                                                ...
                                                }

                Autz-Type pre-proxy.bar.com     {
                                                ...
                                                }

                Autz-Type post-proxy.bar.com    {
                                                ...
                                                }
                ...
                }

In the users file, you know if you handle the request coming from
the NAS (pre-proxy) or the realm server (post-proxy) by testing the
variable "Realm". The order of the lines is important there, too.

DEFAULT Realm == "foo.net", Autz-Type := post-proxy.foo.net

DEFAULT User-Name =~ "@foo\\.net", Autz-Type := pre-proxy.foo.net

...

You should manage to handle your setup like this, but it is nothing
more than a workaround. The configuration is error prone, and the
post_proxy_authorize is a deprecated option. However, I didn't manage
to do the same thing otherwise until now.

-- 
Nicolas Baradakis
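
The following is an added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the two authorize passes, showing why both orderings in the post matter. It assumes first-match-wins for the users file entries and that the Realm set by the realm module on the first pass is still in the request on the second pass; the function names and sample user are constructed for illustration.

```python
import re

# Model of the two users-file entries from the post, in file order.
# Each entry: (check on the request, Autz-Type assigned with :=).
USERS = [
    (lambda r: r.get("Realm") == "foo.net", "post-proxy.foo.net"),
    (lambda r: re.search(r"@foo\.net", r.get("User-Name", "")) is not None,
     "pre-proxy.foo.net"),
]

def files(request, entries):
    """Stand-in for the files module: the first matching entry wins."""
    for check, autz_type in entries:
        if check(request):
            request["Autz-Type"] = autz_type
            return

def realm(request):
    """Stand-in for the realm module: set Realm from the user@realm suffix."""
    user = request.get("User-Name", "")
    if "@" in user:
        request["Realm"] = user.rsplit("@", 1)[1]

def authorize(request, order, entries):
    """Run one pass of the authorize section in the given module order."""
    request.pop("Autz-Type", None)
    for name in order:
        if name == "files":
            files(request, entries)
        else:
            realm(request)
    return request.get("Autz-Type")

def two_passes(user, order=("files", "realm"), entries=USERS):
    """Pass 1: request from the NAS. Pass 2: re-run after the home server replies."""
    request = {"User-Name": user}  # constructed sample request
    first = authorize(request, order, entries)
    second = authorize(request, order, entries)
    return first, second

if __name__ == "__main__":
    print("files before realm:", two_passes("alice@foo.net"))
    print("realm before files:", two_passes("alice@foo.net", order=("realm", "files")))
    print("entries swapped:   ", two_passes("alice@foo.net", entries=USERS[::-1]))
```

With realm ahead of files, Realm is already set on the first pass and the pre-proxy block is never selected; with the two users entries swapped, the User-Name match shadows the Realm test and the post-proxy block is never selected.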
