Massimiliano Liccardo wrote: > I'm using a freeRADIUS to proxy different realm to home servers. > I need to use different rlm_modules for each realm during pre-proxy and > post-proxy but I cannot realize how to set something like Autz-Type..
I need exactly the same thing as you, and I found a workaround which doesn't use {Pre,Post}-Proxy-Type. Put "post_proxy_authorize = yes" in your proxy.conf file. This will make the request run the authorize section twice: one time when the request comes from the NAS, and one more time when the request comes from the realm server. In the authorize section, it's very important that you execute the rlm_files module *before* rlm_realm. authorize { preprocess files realm Autz-Type pre-proxy.foo.net { ... } Autz-Type post-proxy.foo.net { ... } Autz-Type pre-proxy.bar.com { ... } Autz-Type pre-proxy.bar.com { ... } ... } In the users file, you know if the you handle the request coming from the NAS (pre-proxy) or the realm server (post-proxy) by testing the variable "Realm". The order of the lines is important there, too. DEFAULT Realm == "foo.net", Autz-Type := post-proxy.foo.net DEFAULT User-Name =~ "@foo\\.net", Autz-Type := pre-proxy.foo.net ... You should manage to handle your setup like this, but it is nothing more that a workaround. The configuration is error prone, and the post_proxy_authorize is a deprecated option. However, I didn't manage to do the same thing otherwise until now. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html