Ana Gallardo Gómez wrote:
Hello!

I want to use Freeradius as a proxy Radius server, and I think that my Freeradius don´t have to do authorize and authenticate: my Freeradius have to proccess request with realm "@unex.es", the others request have to be proxyed. My configuration is:

radiusd.conf:

authorize {
    preprocess
    suffix
    files
    Autz-Type LDAP_UNEX_ES{
           ldap_unex_es
        }
mschap eap
}


authenticate {
    ldap_unex_es
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}

users:

DEFAULT     Autz-Type = "LDAP_UNEX_ES"

proxy.conf:

realm unex.es <http://unex.es/> {
    type        = radius
    authhost    = LOCAL
    accthost    = LOCAL
}

realm NULL {
    type        = radius
    authhost    = LOCAL
    accthost    = LOCAL
}

realm DEFAULT {
    type        = radius
    authhost    =  other_server_1
    accthost    = LOCAL
    secret         = ******
    nostrip
}

realm DEFAULT {
    type        = radius
    authhost    =  other_server_2 <http://radius2.rediris.es:1812/>
    accthost    = LOCAL
    secret         = ******
    nostrip
}

- I want to define two instances of "realm DEFAULT", in case one of then fails. It is posible?

Yes. See the comments at the top of proxy.conf

- Have my freeradius to do authorize and autheticate when request have to be proxyed?

No. You're almost there

- I think that in users file I have to distinguish between request with realm "@unex.es" to set Autz-Type = "LDAP_UNEX_ES" and the others...


Yes you do. Try this in the "users" file:

DEFAULT Realm == "DEFAULT"
        Fall-Through = No

DEFAULT Autz-Type := "LDAP_UNEX_ES"


I´m lost with proxy... I need help. Thank you.


You've almost got it. Let us know if you have any problems.



Sorry for my english.

Your english is great.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to