Hi, Thanks for that Alan. :) I have been looking at this today but it doesn't appear that I can 'pass' the user's realm (from the username [EMAIL PROTECTED]) into the users file as an attribute? Is that the case or am I looking in the wrong place?
For example I want to be able to do this but it doesn't work, is there a way that I can achieve this? foo.com and foobar.com are my two local realms, NULL realms are also used locally. 10.0.0.1 and 10.0.0.2 are both local RADIUS servers, 192.168.0.1 is a remote radius proxy server. A Request from NAS 10.0.0.1 should get forwarded to rad1, unless the realm is 'unknown' but not NULL, in which case it should be forwarded to rad3. DEFAULT NAS-IP-Address==10.0.0.1, Realm==NULL, Proxy-To-Realm := rad1 DEFAULT NAS-IP-Address==10.0.0.1, Realm==foo.com, Proxy-To-Realm := rad1 DEFAULT NAS-IP-Address==10.0.0.1, Realm==foobar.com, Proxy-To-Realm := rad1 DEFAULT NAS-IP-Address==10.0.0.1, Realm==unknown, Proxy-To-Realm := rad3 Similarly, A Request from NAS 10.0.0.2 should get forwarded to rad2, unless the realm is 'unknown' but not NULL, in which case it should be forwarded to rad3. DEFAULT NAS-IP-Address==10.0.0.2, Realm==NULL, Proxy-To-Realm := rad2 DEFAULT NAS-IP-Address==10.0.0.2, Realm==foo.com, Proxy-To-Realm := rad2 DEFAULT NAS-IP-Address==10.0.0.2, Realm==foobar.com, Proxy-To-Realm := rad2 DEFAULT NAS-IP-Address==10.0.0.2, Realm==unknown, Proxy-To-Realm := rad3 Finally, all incoming RADIUS requests from the external server (which is actually Rad3) should get forwarded to rad2. DEFAULT NAS-IP-Address==192.168.0.1, Realm==foo.com, Proxy-To-Realm := rad2 DEFAULT NAS-IP-Address==192.168.0.1, Realm==foobar.com, Proxy-To-Realm := rad2 In theory that is what I want to achieve, but unfortunately the Realm attribute doesn't appear to work like that. Any help would be gratefully received. Many thanks, Jezz Palmer. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:freeradius- > [EMAIL PROTECTED] On Behalf Of Alan DeKok > Sent: 19 May 2005 17:47 > To: [email protected] > Subject: Re: Proxying on Realm and NAS? > > "Palmer J.D.F." <[EMAIL PROTECTED]> wrote: > > Could someone tell me if it's possible to use Freeradius to proxy radius > > requests to different radius servers depending on a combination of a > user's > > realm and the originating NAS-IP-Address; or any other distinguishable > NAS > > variable for that matter. > > > DEFAULT Attribute-Foo == Value, Attribute-Bar == value, Proxy-To- > Realm := foo.com > > Alan DeKok. > ] > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
