Thanks Phil, thanks a lot It worked. I have multiple home servers configured so I am using your logic like this
if ("%{User-Name}"=~ /^host\/.*testad1.com$/) { update control { Proxy-To-Realm := "testad1.com" } } elsif ("%{User-Name}"=~ /^host\/.*si-test.dssc.com$/) { update control { Proxy-To-Realm := "si-test.dssc.com" } } Thanks, Chidanand On Thu, Oct 21, 2010 at 1:52 PM, Phil Mayers <p.may...@imperial.ac.uk> wrote: > On 10/21/2010 08:55 AM, Chidanand Gangur wrote: >> >> I have collected logs for full session of host authentication, log is >> pasted below. >> >> As mentioned in my previous mail I just want to proxy the host >> authentication request to the home server, is it possible? > > You didn't mention that in your original email. > > As I've said - the "host/foo" syntax is NOT an IPASS username. It may have > the same format, but you do not want to process it using that realm. > > If you want to proxy these requests, I would recommend doing the following: > > 1. Define the realm you are proxying to in "proxy.conf" > 2. In "authorize", do the following: > > authorize { > ... # N.B do not have the "IPASS", "suffix" or "ntdomain" > ... # modules before this point, they'll confuse things > > if (User-Name =~ /^host\//) { > update control { > Proxy-To-Realm := THEREALM > } > } > ... > } > > ...then FreeRadius will do the right thing. > > Out of interest, why do you want to proxy them? You are presumably aware > that FreeRadius can, if correctly setup, perform the machine authentication > itself? > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Chidanand Gangur Pune. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html