piston wrote: > Due some limitation, my partner is using two different server to handle > different auth-type (PAP / EAP), said server1 only take PAP cannot handle > EAP, server 2 take EAP cannot handle PAP. > > But their user (realm xyz.com), login at my location maybe authenticate by > PAP or EAP, depending what kind of services they're selected.
Yes... > My challenge is how to proxy the same realm to two different server depending > on the auth-type. Define two realms: PAP.xyc.com, and EAP.xyz.com. These should have the server IPs and secrets for the relevant servers. Then, define a realm xyz.com: realm xyz.com { # NOTHING } In "authorize", *after* the "realms" module, do: if (Realm == "xyz.com") { if (EAP-Message) { update control { Proxy-To-Realm := "EAP.xyz.com" } } else { update control { Proxy-To-Realm := "PAP.xyz.com" } } } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html