On 7 Oct 2011, at 15:28, Robert Roll wrote:

> Good thought, but it doesn't seem to do the trick, but thanks..
> 
>> Why don't you just avoid starting the proxy in the first place...
> 
> I want to actually proxy to a remote server, but they might send it back for 
> further authentication..
> I need to detect and handle that, otherwise there would be a loop...

Ditch rlm_realm and use your own condition in authorize.

authorize {
        preprocess

        split_username_nai
        
        if(Stripped-User-Domain != 'my_local_realm' && Huntgroup-Name != 'servers_I_might_proxy_to'){
                update control {
                        Proxy-To-Realm := 'my_remote_realm'
                }
        }
        else {
                # Local processing...
        }
}

You can also use %{Proxy-State[#]} to determine whether the request has already 
been proxied

if("%{Proxy-State[#]}"){
        # This request was received from a proxy server
}

-Arran

> 
> 
> Thanks,
> 
> Robert
> 
> 
> ________________________________________
> From: freeradius-users-bounces+robert.roll=utah....@lists.freeradius.org 
> [freeradius-users-bounces+robert.roll=utah....@lists.freeradius.org] On 
> Behalf Of Arran Cudbard-Bell [a.cudba...@freeradius.org]
> Sent: Thursday, October 06, 2011 12:58 PM
> To: FreeRadius users mailing list
> Subject: Re: canceling/redirecting realm in pre-proxy ?
> 
> On 6 Oct 2011, at 20:19, Robert Roll wrote:
> 
>> There seems to be some comments about being able
>> to "cancel" a proxy in the pre-proxy section..
>> 
>> #  When the server decides to proxy a request to a home server,
>> #  the proxied request is first passed through the pre-proxy
>> #  stage.  This stage can re-write the request, or decide to
>> #  cancel the proxy.
>> 
>> What I really want to do is test some variables (unlang)  and based
>> on the outcome, I want to actually handle the request locally
>> rather than proxy. Maybe this is obvious, but I am not seeing it ?
> 
> 
> update control {
>        Proxy-To-Realm := 'local'
> }
> Maybe... I'm not sure if it'll work. Why don't you just avoid starting the 
> proxy in the first place...
> 
> -Arran
> 
> Arran Cudbard-Bell
> a.cudba...@freeradius.org
> 
> Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Arran Cudbard-Bell
a.cudba...@networkradius.com

Technical consultant and solutions architect

15 Ave. du Granier, Meylan, France
+33 4 69 66 54 50
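
An added illustration, not part of the original message or of FreeRADIUS itself: a Python sketch of what the %{Proxy-State[#]} count corresponds to on the wire. It walks the attribute list of a RADIUS packet and counts Proxy-State attributes (type 33 in RFC 2865); the helper names and the sample packets are constructed for this example.

```python
import struct

PROXY_STATE = 33  # RADIUS attribute type for Proxy-State (RFC 2865)
HEADER_LEN = 20   # code(1) + identifier(1) + length(2) + authenticator(16)


def iter_attributes(packet: bytes):
    """Yield (type, value) for each attribute, rejecting malformed lengths."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len


def proxy_state_count(packet: bytes) -> int:
    """Number of Proxy-State attributes, i.e. how many proxies tagged it."""
    return sum(1 for t, _ in iter_attributes(packet) if t == PROXY_STATE)


def build_request(attrs):
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 42, HEADER_LEN + len(body)) + bytes(16) + body


# Constructed samples: attribute type 1 is User-Name.
DIRECT = build_request([(1, b"bob@my_remote_realm")])
PROXIED = build_request([(1, b"bob@my_remote_realm"),
                         (PROXY_STATE, b"hop-1"), (PROXY_STATE, b"hop-2")])

if __name__ == "__main__":
    for name, pkt in (("direct", DIRECT), ("proxied", PROXIED)):
        n = proxy_state_count(pkt)
        print(f"{name}: Proxy-State count = {n}, already proxied = {n > 0}")
```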





