I have a situation where I need to proxy (authentication and accounting) based not on realm, but on whether our LDAP database contains the user name.
For authentication this is easy, but for accounting, it proves a little more difficult.
I currently have access types divided into huntgroups (eg dialup, adsl, etc), and there is only one huntgroup that I want/need to do this user based proxying for.
What I want to do is to be able to check the huntgroup, and then, based on the huntgroup, check ldap to see if the user exists. If the user exists, then handle the request locally, otherwise proxy to another realm.
I've modified rlm_preprocess to do huntgroup processing for pre-accounting, and rlm_ldap to do user lookups for pre-accounting. I can supply these patches if desired...
Since the pre-acct section is only run once (as compared to authorization) the only ways I see forward are:
a) set up another RADIUS server to handle this special huntgroup,
b) write a custom module,
c) modify the server core to process pre-accounting twice, as it does for authorisation.
If anyone has any suggestions, I'd be most grateful!
Regards,
Mike
