On 6/5/07, Phil Mayers <[EMAIL PROTECTED]> wrote:

Clark J. Wang wrote:
> I've configured a proxy RADIUS server in `proxy.conf' and an LDAP server
> in `radiusd.conf' and they work well. I want to forward those requests
> rejected by the proxy RADIUS server to the LDAP server and
> re-authenticate them again. Can I do that in FreeRADIUS? And how?

Can't be done.

The main reason it hasn't been implemented is that many RADIUS auth
algorithms, e.g. EAP, involve multiple exchanges. You can't just "break
into" the middle of a conversation.

In principle it could be done for PAP, and I think CHAP and MS-CHAP. At
the moment the easiest way would be to use an Exec-Program and radclient
to issue the request to the proxy, and if it fails do the LDAP.

Frequently when people ask to do this it's because most of their users
live in a remote server but some live in an LDAP server. If that's the
case, you can solve the problem other ways.


Thank you very much :-)

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
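
The workaround described in the reply above (radclient to the remote server first, LDAP if that fails), written as a wrapper script; this is an added example, not code from the thread or from FreeRADIUS. It assumes PAP, that the server exports the request attributes as USER_NAME and USER_PASSWORD environment variables (possibly wrapped in double quotes), and that exit status 0 is treated as success; the host, secret file, LDAP URI and base DN are placeholders.

```shell
#!/bin/sh
# Added example: PAP-only "remote RADIUS first, then LDAP" wrapper.
# Every value below is a placeholder (assumption), not taken from the thread.
PROXY_HOST="${PROXY_HOST:-192.0.2.10:1812}"
SECRET_FILE="${SECRET_FILE:-/etc/raddb/proxy.secret}"
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.org}"
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=org}"

# Strip one pair of surrounding double quotes, if the server added them.
unquote() { printf '%s' "$1" | sed 's/^"\(.*\)"$/\1/'; }

# Accept only names that are safe in both a DN and radclient input.
valid_user() { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# Ask the remote RADIUS server; succeed only on an Access-Accept reply.
# The shared secret is read from a file (-S), not passed on the command line.
try_proxy() {
    esc=$(printf '%s' "$2" | sed 's/[\\"]/\\&/g')
    printf 'User-Name = "%s"\nUser-Password = "%s"\n' "$1" "$esc" |
        radclient -x -S "$SECRET_FILE" "$PROXY_HOST" auth 2>&1 |
        grep -q 'Access-Accept'
}

# Simple bind as the user; the password goes through a 0600 temp file.
try_ldap() {
    pwfile=$(mktemp) || return 1
    printf '%s' "$2" > "$pwfile"
    rc=0
    ldapwhoami -x -H "$LDAP_URI" -D "uid=$1,$LDAP_BASE" -y "$pwfile" \
        >/dev/null 2>&1 || rc=$?
    rm -f "$pwfile"
    return "$rc"
}

authenticate() {
    valid_user "$1" || return 1
    # An empty password would make the LDAP bind anonymous, which many
    # directories accept; a newline would break the radclient input.
    case "$2" in ''|*"
"*) return 1 ;; esac
    try_proxy "$1" "$2" || try_ldap "$1" "$2"
}

# Runs only when called as "script auth"; any other call ends non-zero.
[ "${1:-}" = auth ] && {
    authenticate "$(unquote "${USER_NAME:-}")" "$(unquote "${USER_PASSWORD:-}")"
    exit $?
}
```

Because the script needs the cleartext password, it cannot serve EAP or other multi-exchange methods, which is the limitation the reply describes.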
