Hi Ivan, I can´t thank you enough for the help. >Have different names for a server realm and user domain so you can choose >when to proxy.
Could you please leave me a hont how to do that. Why doesn´t it do PAP? When the connection reach the home server it´s encrypted? // J Ivan Kalik wrote: > >>All users found with SECURACCESS domain in name i.e. "[EMAIL PROTECTED]". >>Proxy them with PAP authentication to "SECURACCCESS" domain IP address >>mentioned in proxy.conf. >> >>>Fall-Through := No >> >>If SECURACCESS domain found in User-Name "[EMAIL PROTECTED]" stop after >>proxying. >> >>So I want to END all EAP tunnels at proxy for ALL domains. Authenticate with >>LDAP except for SECURACCESS domain. IF SECURACCESS domain found, proxy only >>PAP further (to IP address mentioned in proxy.conf). >> >>>Fri Feb 1 18:49:26 2008 : Debug: modsingle[authorize]: calling suffix >>(rlm_realm) for request 0 >>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Looking up realm >>"SECURACCESS" for User-Name = >"[EMAIL PROTECTED]" >>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Found realm "SECURACCESS" >> >>So here we found SECURACCESS domain name in User-Name: >> >>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Adding Stripped-User-Name >>= "joakimlindgren" >>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Proxying request from user >>joakimlindgren to realm >SECURACCESS >>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Adding Realm = >>"SECURACCESS" >>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Preparing to proxy >>authentication request to realm "SECURACCESS" >> >>Where proxying the request to ip address mentioned in proxy.conf (but here >>we don´t end the EAP?) >> > > Have different names for a server realm and user domain so you can choose > when to proxy. Leave user as [EMAIL PROTECTED]; configure SECURACCESS to > be a LOCAL realm; configure home server realm as SECURE and proxy to > that one. > > Again, you should think about 2.0.1 where you can define one virtual > server to deal with @SECURACCESS requests and another for others. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/Terminate-EAP-PEAP-client-connection-at-FreeRadius-Proxy-and-proxy%28forward%29-request-as-PAP-tp15218593p15242067.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html