>All users found with SECURACCESS domain in name i.e. "[EMAIL PROTECTED]". >Proxy them with PAP authentication to "SECURACCCESS" domain IP address >mentioned in proxy.conf. > >>Fall-Through := No > >If SECURACCESS domain found in User-Name "[EMAIL PROTECTED]" stop after >proxying. > >So I want to END all EAP tunnels at proxy for ALL domains. Authenticate with >LDAP except for SECURACCESS domain. IF SECURACCESS domain found, proxy only >PAP further (to IP address mentioned in proxy.conf). > >>Fri Feb 1 18:49:26 2008 : Debug: modsingle[authorize]: calling suffix >(rlm_realm) for request 0 >>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Looking up realm >"SECURACCESS" for User-Name = >"[EMAIL PROTECTED]" >>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Found realm "SECURACCESS" > >So here we found SECURACCESS domain name in User-Name: > >>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Adding Stripped-User-Name >= "joakimlindgren" >>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Proxying request from user >joakimlindgren to realm >SECURACCESS >>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Adding Realm = >"SECURACCESS" >>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Preparing to proxy >authentication request to realm "SECURACCESS" > >Where proxying the request to ip address mentioned in proxy.conf (but here >we don´t end the EAP?) >
Have different names for a server realm and user domain so you can choose when to proxy. Leave user as [EMAIL PROTECTED]; configure SECURACCESS to be a LOCAL realm; configure home server realm as SECURE and proxy to that one. Again, you should think about 2.0.1 where you can define one virtual server to deal with @SECURACCESS requests and another for others. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html