Set up proxy.conf with entries for the right ports, then you
should be able to do something like (example, untested):
authorize {
if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
update control {
Tmp-String-0 := %{1}
}
}
switch "%{Tmp-String-0}" {
case 'TEST' {
update control {
Proxy-To-Realm := testproxy
}
}
case 'WIFI' {
update control {
Proxy-To-Realm := wifiproxy
}
}
...
}
}
This should work between different servers; I'm not sure if you'll
hit the "only one internal proxy" limit on one server.
Matthew
Using a wide filter capture i get
rad_recv: Access-Request packet from host 172.23.255.199 port 56097,
id=53, length=232
User-Name = "nag...@ac-orleans-tours.fr"
Calling-Station-Id = "8C-77-12-53-62-0E"
NAS-IP-Address = 172.23.255.199
NAS-Port = 16
Called-Station-Id = "C0-8A-DE-FA-E9-58:WIFI-ACAD"
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "C0-8A-DE-FA-E9-58"
Connect-Info = "CONNECT 802.11g/n"
EAP-Message =
0x0200001f016e6167696f734061632d6f726c65616e732d746f7572732e6672
Vendor-25053-Attr-3 = 0x574946492d41434144
Message-Authenticator = 0xc6f0db77bf6435b74051b3b3db278ca3
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++? if (Called-Station-Id =~ /^.*:(.*)$/)
? Evaluating (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE
++? if (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE
++- entering if (Called-Station-Id =~ /^.*:(.*)$/) {...}
+++[control] returns notfound
++- if (Called-Station-Id =~ /^.*:(.*)$/) returns notfound
expand: %{Tmp-String-0} ->
++- entering switch %{Tmp-String-0} {...}
+++- switch %{Tmp-String-0} returns notfound
++- group authorize returns notfound
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
