Alan DeKok schrieb:
Norbert Wegener wrote:
That configuration can be added manually, by doing internal proxying
to the virtual server.
Will this also be possible, when freeradius gets its information out of
a mysql database?
Of course!
The only place to modify addresses I found is the preproxy_users file,
which seems to be used by the rlm_files module only.
I'm not sure what that means...
You could do something like:
...
update control {
Proxy-To-Realm := "%{sql:SELECT ... from.. where
%{NAS-IP-Addres}"
}
OK, but I did not yet hear about that before and it seems no topic for
the mass media: googling for Proxy-To-Realm gives 94 results.
Could you describe more of your requirements??
In a greater installation there are numerous different rules for vlan
assignements. Before applying even the slightest configuration change to
a production system, I want to make sure, that as much different
configurations as possible have been checked to deliver those attributes
that they are expected to.
Obviously a part of those checks can be done using radtest. Running
radtest with nasip as an argument should therefore bring freeradius to
use the server the nasip belongs to, and not the server the machine
running radtest belongs to.
Btw: Is eapol_test *the* tool to do such checks in an automated way for
eap/tls authentications or is there a better one available?
Norbert Wegener
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
