Ana Gallardo Gómez wrote:
Hello!
I want to use Freeradius as a proxy Radius server, and I think that my
Freeradius don´t have to do authorize and authenticate: my Freeradius
have to proccess request with realm "@unex.es", the others request have
to be proxyed. My configuration is:
radiusd.conf:
authorize {
preprocess
suffix
files
Autz-Type LDAP_UNEX_ES{
ldap_unex_es
}
mschap
eap
}
authenticate {
ldap_unex_es
Auth-Type MS-CHAP {
mschap
}
eap
}
users:
DEFAULT Autz-Type = "LDAP_UNEX_ES"
proxy.conf:
realm unex.es <http://unex.es/> {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm NULL {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm DEFAULT {
type = radius
authhost = other_server_1
accthost = LOCAL
secret = ******
nostrip
}
realm DEFAULT {
type = radius
authhost = other_server_2 <http://radius2.rediris.es:1812/>
accthost = LOCAL
secret = ******
nostrip
}
- I want to define two instances of "realm DEFAULT", in case one of then
fails. It is posible?
Yes. See the comments at the top of proxy.conf
- Have my freeradius to do authorize and autheticate when request have
to be proxyed?
No. You're almost there
- I think that in users file I have to distinguish between request with
realm "@unex.es" to set Autz-Type = "LDAP_UNEX_ES" and the others...
Yes you do. Try this in the "users" file:
DEFAULT Realm == "DEFAULT"
Fall-Through = No
DEFAULT Autz-Type := "LDAP_UNEX_ES"
I´m lost with proxy... I need help. Thank you.
You've almost got it. Let us know if you have any problems.
Sorry for my english.
Your english is great.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html