On Tue, May 17, 2011 at 7:41 PM, Abbas Yazdanpanah <[email protected]> wrote:
> Dear Fajr
>
> I've read all the documents (it took about 2 months for me to read and
> learn them)

It shouldn't take THAT long :P

If you have a problem, you can check whether it's a known problem in the FAQ. If it's not, follow the instructions on http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21

> The easiest solution to this scenario is using three separate
> freeRadius servers where first one is a proxy which duplicates the
> authentication request to the other servers and the other servers are
> responsible for AAA on each resource

Step back up a bit. If you said "first one is a proxy which duplicates the authentication request to the other servers", then there should be something that you can use to determine which requests go to which server, right? What is that? Is it NAS-IP-address? Is it some other attribute? Whatever it is, you need to know EXACTLY what the criteria is, and what the desired response should be.

Like Alan said, use words relevant to radius (like the attribute "NAS-IP-address", or "Realm", or whatever your criteria is) instead of saying "I have two resources, the first one is the Internet and the second is an intranet".

Next, you might want to look at unlang (http://freeradius.org/radiusd/man/unlang.html). Basically, if you already know the criteria, you can use a simple if-else block to return the correct response.

Last, if you already know how to implement a proxy and two separate freeradius servers to solve your problem, you can just use virtual servers. Start by reading proxy.conf (to understand how to pass a request to a virtual server) as well as sites-available/inner-tunnel and sites-available/virtual.example.com (to see examples of virtual server configurations).

--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
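
An added example, not part of the original message and not taken from the FreeRADIUS distribution: a sketch, in FreeRADIUS 2.x configuration syntax, of the if-else routing to virtual servers that the reply describes. It assumes NAS-IP-Address is the deciding criterion; the addresses, realm names and virtual server names are hypothetical.

```conf
# --- proxy.conf -------------------------------------------------------
# Realms that hand a request to a virtual server in the same process.
# "internet" and "intranet" are hypothetical names.
realm internet {
	virtual_server = internet
}
realm intranet {
	virtual_server = intranet
}

# --- sites-available/default ------------------------------------------
authorize {
	preprocess

	# Assumed criterion: which NAS sent the request.
	# 192.0.2.10 and 192.0.2.20 are constructed documentation addresses.
	if (NAS-IP-Address == 192.0.2.10) {
		update control {
			Proxy-To-Realm := "internet"
		}
	}
	elsif (NAS-IP-Address == 192.0.2.20) {
		update control {
			Proxy-To-Realm := "intranet"
		}
	}
	else {
		# A NAS that matches no rule is refused instead of
		# falling through to whatever policy happens to be next.
		reject
	}
}

# --- sites-available/internet (linked into sites-enabled/) -------------
# One virtual server per resource; "intranet" is defined the same way
# with its own user store and reply attributes.
server internet {
	authorize {
		files
		pap
	}
	authenticate {
		Auth-Type PAP {
			pap
		}
	}
}
```

Running the server with `radiusd -X` shows which branch each request takes and which virtual server handles it.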

