On 10/21/2010 08:55 AM, Chidanand Gangur wrote:
I have collected logs for full session of host authentication, log is
pasted below.
As mentioned in my previous mail I just want to proxy the host
authentication request to the home server, is it possible?
You didn't mention that in your original email.
As I've said - the "host/foo" syntax is NOT an IPASS username. It may
have the same format, but you do not want to process it using that realm.
If you want to proxy these requests, I would recommend doing the following:
1. Define the realm you are proxying to in "proxy.conf"
2. In "authorize", do the following:
authorize {
... # N.B do not have the "IPASS", "suffix" or "ntdomain"
... # modules before this point, they'll confuse things
if (User-Name =~ /^host\//) {
update control {
Proxy-To-Realm := THEREALM
}
}
...
}
...then FreeRadius will do the right thing.
Out of interest, why do you want to proxy them? You are presumably aware
that FreeRadius can, if correctly setup, perform the machine
authentication itself?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
