piston wrote:
> Due some limitation, my partner is using two different server to handle
> different auth-type (PAP / EAP), said server1 only take PAP cannot handle
> EAP, server 2 take EAP cannot handle PAP.
>
> But their user (realm xyz.com), login at my location maybe authenticate by
> PAP or EAP, depending what kind of services they're selected.
Yes...
> My challenge is how to proxy the same realm to two different server depending
> on the auth-type.
Define two realms: PAP.xyc.com, and EAP.xyz.com. These should have
the server IPs and secrets for the relevant servers.
Then, define a realm xyz.com:
realm xyz.com {
# NOTHING
}
In "authorize", *after* the "realms" module, do:
if (Realm == "xyz.com") {
if (EAP-Message) {
update control {
Proxy-To-Realm := "EAP.xyz.com"
}
}
else {
update control {
Proxy-To-Realm := "PAP.xyz.com"
}
}
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
