On Wed, Apr 06, 2005 at 03:30:34PM +0300, Pasi Kärkkäinen wrote:
> Hi!
>
> I've tried to get this working for a long time, trying almost every kind of
> possible solution.. with no luck yet :(
>
> Scenario: NAS uses freeradius-server (proxy) for authentication. Proxy needs
> to also supply Framed-IP-Address back to NAS.
>
> Proxy proxies authentication requests to home servers based on realm.
>
> Now, I _need_ to assign IP-addresses in the _Proxy_ based on realm.
>
> I set up rlm_ippool for each realm. Now, I need to assign Pool-Name
> attribute for all requests based on realm. I do this:
>

I'd like to have some comments to this.. Does *anybody* have solution for this scenario?

Do I have to write my own module to set up the Pool-Name for proxied requests?

I also tried setting the Pool-Name in users-file based on Realm.. but that didn't work either. rlm_ippool still says it cannot find the Pool-Name attribute.

Thanks for your help!

- Pasi Kärkkäinen

> users-file:
>
> DEFAULT Realm == "foo.com", Post-Proxy-Type := post.proxy.foo
>         Fall-Through = 1
>
>
> radiusd.conf:
>
> post-proxy {
>
>         Post-Proxy-Type post.proxy.foo {
>                 rewrite_add_foo_ippool
>         }
> }
>
> attr_rewrite rewrite_add_foo_ippool {
>         attribute = Pool-Name
>         searchin = proxy_reply
>         searchfor = ""
>         replacewith = "foo_ippool"
>         new_attribute = yes
> }
>
>
> post-auth {
>
>         foo_ippool
> }
>
>
> Freeradius debug messages when proxy receives authentication request:
>
>
> Module: Instantiated attr_rewrite (rewrite_add_foo_ippool)
> Module: Instantiated ippool (foo_ippool)
> rlm_realm: Looking up realm "foo.com" for User-Name = "[EMAIL PROTECTED]"
> rlm_realm: Found realm "foo.com"
> rlm_realm: Proxying request from user test to realm foo.com
> users: Matched entry DEFAULT at line 154 (this is the Post-Proxy-Type line)
> rad_recv: Access-Accept packet from host 1.2.3.4:1812, id=0, length=235
> Found Post-Proxy-Type post.proxy.foo
> modcall: entering group Post-Proxy-Type for request 0
> rlm_attr_rewrite: Illegal value for searchin. Changing to packet.
> rlm_attr_rewrite: Added attribute Pool-Name with value 'foo_ippool'
> modcall[post-proxy]: module "rewrite_add_foo_ippool" returns ok for request 0
> modcall: group Post-Proxy-Type returns ok for request 0
> authorize: Skipping authorize in post-proxy stage
> rad_check_password: Auth-Type = Accept, accepting the user
> Login OK: [EMAIL PROTECTED] (from client client01 port 0)
> Processing the post-auth section of radiusd.conf
> modcall: entering group post-auth for request 0
> rlm_ippool: Could not find Pool-Name attribute
> modcall[post-auth]: module "foo_ippool" returns noop for request 0
> modcall: group post-auth returns noop for request 0
> Finished request 0
>
>
> I'm using freeradius patch by Nicolas Baradakis <[EMAIL PROTECTED]> which
> enables freeradius (1.02) to run modules in post-proxy {} section. The above
> Post-Proxy-Type foo {} thing does not work without that patch.
>
> But the problem is now how to get the Pool-Name variable set so that
> rlm_ippool works..
>
> Thanks for your help/ideas!
>
> -- Pasi Kärkkäinen
>
> ^
> . .
> Linux
> / - \
> Choice.of.the
> .Next.Generation.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html