RE: Proxying on Realm and NAS?

Hi,

Thanks for that Alan. :)
I have been looking at this today but it doesn't appear that I can 'pass'
the user's realm (from the username foo@bar.com) into the users file as an
attribute?
Is that the case or am I looking in the wrong place?

For example I want to be able to do this but it doesn't work, is there a way
that I can achieve this?

foo.com and foobar.com are my two local realms, NULL realms are also used
locally. 10.0.0.1 and 10.0.0.2 are both local RADIUS servers, 192.168.0.1 is
a remote radius proxy server.

A Request from NAS 10.0.0.1 should get forwarded to rad1, unless the realm
is 'unknown' but not NULL, in which case it should be forwarded to rad3.

DEFAULT NAS-IP-Address==10.0.0.1, Realm==NULL, Proxy-To-Realm := rad1
DEFAULT NAS-IP-Address==10.0.0.1, Realm==foo.com, Proxy-To-Realm := rad1
DEFAULT NAS-IP-Address==10.0.0.1, Realm==foobar.com, Proxy-To-Realm := rad1
DEFAULT NAS-IP-Address==10.0.0.1, Realm==unknown, Proxy-To-Realm := rad3

Similarly, A Request from NAS 10.0.0.2 should get forwarded to rad2, unless
the realm is 'unknown' but not NULL, in which case it should be forwarded to
rad3.

DEFAULT NAS-IP-Address==10.0.0.2, Realm==NULL, Proxy-To-Realm := rad2
DEFAULT NAS-IP-Address==10.0.0.2, Realm==foo.com, Proxy-To-Realm := rad2
DEFAULT NAS-IP-Address==10.0.0.2, Realm==foobar.com, Proxy-To-Realm := rad2
DEFAULT NAS-IP-Address==10.0.0.2, Realm==unknown, Proxy-To-Realm := rad3

Finally, all incoming RADIUS requests from the external server (which is
actually Rad3) should get forwarded to rad2.

DEFAULT NAS-IP-Address==192.168.0.1, Realm==foo.com, Proxy-To-Realm := rad2
DEFAULT NAS-IP-Address==192.168.0.1, Realm==foobar.com, Proxy-To-Realm :=
rad2

In theory that is what I want to achieve, but unfortunately the Realm
attribute doesn't appear to work like that.

Any help would be gratefully received.

Many thanks,
Jezz Palmer.


> -----Original Message-----
> From: freeradius-users-admin@lists.freeradius.org [mailto:freeradius-
> users-admin@lists.freeradius.org] On Behalf Of Alan DeKok
> Sent: 19 May 2005 17:47
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Proxying on Realm and NAS?
>
> "Palmer J.D.F." <J.D.F.Palmer@swansea.ac.uk> wrote:
> > Could someone tell me if it's possible to use Freeradius to proxy radius
> > requests to different radius servers depending on a combination of a
> user's
> > realm and the originating NAS-IP-Address; or any other distinguishable
> NAS
> > variable for that matter.
>
>
> DEFAULT Attribute-Foo == Value, Attribute-Bar == value, Proxy-To-
> Realm := foo.com
>
> Alan DeKok.
> ]
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html