James <[EMAIL PROTECTED]> wrote: > Let suppose we have two companies, A and B, with some traffic agreement. > Now, an user belonging to the network A moves into the network B. > Network B can not authenticate him, so it proxies the request to the radius > server of the network A.
That's the normal proxy scenario. > Once it receives the reply, it would be nice if network B could > limit the access to its resources (for istance allowing the user to > connect to the Internet but not to the local resources) for this > "guest" user. So... network B should configure reply attributes to do that. > Basically what I need is to know if there is some way to perform a > remote authentication and, at the same time, a local authorization > based on the realm information. Yes. The infrastructure is there. All that is required is for you to configure something which matches the realm, and adds the appropriate reply attributes. See "proxy.conf" for comments on how this process works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
