Hello all,

I have a scenario where a first RADIUS server (R1) proxies the authentication request to another RADIUS server (R2). Later, when the user is authenticated, R1 must access an LDAP server to recover some network parameters, such as session-timeout or framed-ip-address, and enforce them in the Access Point (AP).

Currently, R1 is configured to access the LDAP server using the user name as the filter (filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" in radiusd.conf).

My question is: is it possible to configure this filter to use a RADIUS attribute received in the response from R2? I mean, R2 returns in the response an attribute called attr1=val1, and then R1 must use this attribute to search in the LDAP server (filter="(uid=%{attr1})" or something similar?)

              Internet
             /
User ------ AP ---------- R1 -------- R2
                            \
                             LDAP

User          AP               R1              LDAP              R2

(authn req.)
------------------------------>---------------------------------->
                               (authn response + attr1=val1)
                               <----------------------------------
                               (search uid=attr1)
                               ---------------->
                               (network params)
                               <----------------
              (params)
              <----------------
(Success)
<------------<----------------

Thanks in advance.

--
-----------------------------
Manuel Sanchez Cuenca
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica. Universidad de Murcia
Campus de Espinardo - 30080 Murcia (SPAIN)
Tel.: +34-968-364644 Fax: +34-968-364151
email: [EMAIL PROTECTED] | [EMAIL PROTECTED]
url: http://libra.inf.um.es/~lolo
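
An added illustration, not part of the original message and not FreeRADIUS code: a Python model of how a filter template in the form quoted above expands once the attributes returned by R2 are available, with every substituted value escaped per RFC 4515 because it originates from another server. The function names, the merged attribute dictionary and the sample values are assumptions made for this example.

```python
# RFC 4515 section 3: characters that must be escaped inside a filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def ldap_escape(value):
    """Escape an attribute value so it cannot change the filter's structure."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)

def _match_brace(s, open_idx):
    """Return the index of the '}' closing the '{' at open_idx (nesting aware)."""
    depth = 0
    for j in range(open_idx, len(s)):
        if s[j] == "{":
            depth += 1
        elif s[j] == "}":
            depth -= 1
            if depth == 0:
                return j
    raise ValueError("unbalanced %{...} in filter template")

def _resolve(body, attrs):
    """Resolve 'Name' or 'Name:-default'; the default may contain further %{...}."""
    name, sep, default = body.partition(":-")
    value = attrs.get(name)
    if value:
        return ldap_escape(value)
    return expand(default, attrs) if sep else ""

def expand(template, attrs):
    """Expand %{Name} and %{Name:-default}, escaping each substituted value."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _match_brace(template, i + 1)
            out.append(_resolve(template[i + 2:end], attrs))
            i = end + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

# Constructed sample data (not taken from the original message).
CURRENT_FILTER = "(uid=%{Stripped-User-Name:-%{User-Name}})"
PROPOSED_FILTER = "(uid=%{attr1})"
REQUEST = {"User-Name": "alice@example.org", "Stripped-User-Name": "alice"}
PROXY_REPLY = {"attr1": "val1"}  # attribute returned by R2 in the scenario

if __name__ == "__main__":
    print(expand(CURRENT_FILTER, REQUEST))
    print(expand(PROPOSED_FILTER, {**REQUEST, **PROXY_REPLY}))
```
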