>> Hi all, >> >> I'm using freeradius 2.1.3 and setting up a realm-based proxy server. >> In users file, I add line like following: >> >> >> DEFAULT Aruba-Essid-Name == "NewSSID", Realm == >> "realm1.my.domain", Proxy-to-realm := "test1.my.domain", >> aruba-user-vlan := 191 >> Fall-Through = 1 >> >> Request can be proxied to test1.my.domain if the realm >> "realm1.my.domain" is defined in proxy.conf. Otherwise suffix will >> resolve to DEFAULT realm and thus won't match the line in users file. >> Is it possible to do the same thing without defining the 'virutal' >> realm (realm1.my.domain in my example) in proxy.conf? > >Perhaps. Is everybody for NewSSID suposed to go to that radius server for authentication? If not, in order to tell users apart you need a realm.
Yes, we want to proxy users using different realms to different radius servers for authentication. >> Besides, I'd like to add "aruba-user-vlan := 191" AV pair in the reply >> but can't see it in radclient output. Did I miss anything? > >So add it as a reply item. It's on the check line in your entry. Get it. Thank you very much. /ST Wong - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html