> From: Alex Chen > Sent: Friday, 26 September 2003 8:34 AM > > From: Paul Hampson > > Sent: Thursday, September 25, 2003 3:03 PM
> > > 2. If the server is a proxy server, and I want the exec to > > be called when > > > the authentication > > > is successful, i.e. the master server reply with > > Access-Accept, do I > > > still put the exec in > > > 'post-auth' section, i.e. the same place when the server > > is a master > > > server itself? > > > What should the input_pairs and output_pairs be using? > > 'proxy-request' > > > and 'proxy-reply'? > > > Will it be OK if I still use 'request' and 'reply' even > > if the server is > > > running as a proxy? > > > > Umm, you could (probably) put it in the post-proxy section. > > > > As for which pairs to use, do you want to operate on the > > pairs you sent the > > proxy, the pairs the proxy sent back, or the pairs you're > > sending to the client, > > or the pairs the client sent to you? > > > > That should determine which of request, reply, proxy-request > > or proxy-reply you > > want. (Not in that order, mind you.) > If I understand correctly it would look like this: > > input_pairs = request > NAS -----------------------> Server > <----------------------- > output_pairs = reply > > If the exec runs on Server, it only has 'request' and 'reply' to work on. > > input_pairs = request input_pairs = proxy-request > NAS -----------------------> Proxy ---------------------------> Server > <----------------------- <------------------------- > output_pairs = reply output_pairs = proxy-reply > > If the exec runs on Proxy and it wants to operate on the attributes sent > from > NAS or attributes sent to NAS, it would use 'request' and 'reply', > respectively. > If it wants to operate on the attributes sent by the proxy to the server, > and the > attributes sent from the server back to the proxy, it would use > 'proxy-request' and > 'proxy-reply'. > > Is this correct? That's how I understand it too, yes. :-) Although the input_pairs and output_pairs in the diagrams above could be either either input_pairs or output_pairs although there are some combinations with limited usefulness, of course. -- ========================================================= Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] On a sidewalk near Portland State University someone wrote `Trust Jesus', and someone else wrote `But Cut the Cards'. --------------------------------------------------------- Random signature generator 3.0 by Paul "TBBle" Hampson ========================================================= - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
