> What is the proper way to configure for proxy but maintain a list of users
> that are accepted/rejected either without consulting the master server or
> overriding the response from the master server?
I figured it out.
I had failed to notice the example of "terminate PEAP or EAP-TTLS locally"
in the proxy.conf file. It was that example that lead me to do the
following which worked:
-----------------users-----------------
000200000001 Auth-Type := Accept
002000000002 Auth-Type := Accept
DEFAULT Proxy-To-Realm := RRDCORP
-----------------users-----------------
-----------------proxy.conf-----------------
realm RRDCORP {
type = radius
authhost = 10.225.xxx.xx:1812
accthost = 10.225.xxx.xx:1813
secret = xxxxxxxx
}
-----------------proxy.conf-----------------
Using this configuration, if a MAC address (username) is in my users list
the Accept or Reject is issued without consulting the master RADIUS server.
If it is not in my users list, the response from the master RADIUS server is
used.
Dennis Beach
Systems Engineer
RR Donnelley, Information Technology
(765) 364-4604 - phone
(765) 230-6111 - cellular
(765) 364-3056 - fax
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
