Hi again, I mean: how to detect a special name in the request. And to NOT proxy local calls... Is my configuration OK?
// J Jayal1972 wrote: > > Hi Ivan, I can´t thank you enough for the help. > >>Have different names for a server realm and user domain so you can choose >>when to proxy. > > Could you please leave me a hont how to do that. > > Why doesn´t it do PAP? When the connection reach the home server it´s > encrypted? > > // J > > > > Ivan Kalik wrote: >> >>>All users found with SECURACCESS domain in name i.e. "[EMAIL PROTECTED]". >>>Proxy them with PAP authentication to "SECURACCCESS" domain IP address >>>mentioned in proxy.conf. >>> >>>>Fall-Through := No >>> >>>If SECURACCESS domain found in User-Name "[EMAIL PROTECTED]" stop after >>>proxying. >>> >>>So I want to END all EAP tunnels at proxy for ALL domains. Authenticate with >>>LDAP except for SECURACCESS domain. IF SECURACCESS domain found, proxy only >>>PAP further (to IP address mentioned in proxy.conf). >>> >>>>Fri Feb 1 18:49:26 2008 : Debug: modsingle[authorize]: calling suffix >>>(rlm_realm) for request 0 >>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Looking up realm >>>"SECURACCESS" for User-Name = >"[EMAIL PROTECTED]" >>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Found realm "SECURACCESS" >>> >>>So here we found SECURACCESS domain name in User-Name: >>> >>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Adding Stripped-User-Name >>>= "joakimlindgren" >>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Proxying request from user >>>joakimlindgren to realm >SECURACCESS >>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Adding Realm = >>>"SECURACCESS" >>>>Fri Feb 1 18:49:26 2008 : Debug: rlm_realm: Preparing to proxy >>>authentication request to realm "SECURACCESS" >>> >>>Where proxying the request to ip address mentioned in proxy.conf (but here >>>we don´t end the EAP?) >>> >> >> Have different names for a server realm and user domain so you can choose >> when to proxy. Leave user as [EMAIL PROTECTED]; configure SECURACCESS to >> be a LOCAL realm; configure home server realm as SECURE and proxy to >> that one. >> >> Again, you should think about 2.0.1 where you can define one virtual >> server to deal with @SECURACCESS requests and another for others. >> >> Ivan Kalik >> Kalik Informatika ISP >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> > > -- View this message in context: http://www.nabble.com/Terminate-EAP-PEAP-client-connection-at-FreeRadius-Proxy-and-proxy%28forward%29-request-as-PAP-tp15218593p15242083.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html