Alan DeKok wrote:
Samuel Degrande <[EMAIL PROTECTED]> wrote:I don't find a way to add a NAS-Identifier value inside the proxied request, so that B server could check it...That's because the NAS didn't send it. FreeRADIUS doesn't add one, so...I tried: <username> Proxy-To-Realm := <realm>, NAS-Identifier := <id> and <username> Proxy-To-Realm := <realm>, NAS-Identifier += <id>That won't work in the "users" file. You have to set the NAS-Identifier in the preproxy_users file.
works just fine. thanks a lot !
How to configure the A server so that if B rejects the request, then A will check in a local user base (through pam) ?That's a little harder. The server isn't designed to do that easily.
arghhh... but even if it's not easy, is there a solution ? :-) I did think of a hack, but it's not really a good solution I guess : - use a pam authentication, and - write a specific pam_radius module which will first request the remote radius server and then search in the local user base...
Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Samuel Degrande LIFL - UMR8022 CNRS - INRIA Futurs - Bat M3 Phone: (33)3.28.77.85.30 USTL - Universite de Lille 1 Fax: (33)3.28.77.85.37 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE [CA certs: http://igc.services.cnrs.fr/CNRS-Standard/recherche.html ]
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html