Well, we can certainly finagle that in Unlang, with a little thinking. I played with that earlier in this project. Happy to leave module/realm if that's the best route, and that means I can probably pull all of that out of proxy.conf, too.
I don't think we'll run into the internal proxy chain problem, since we're sending the inner tunnel off to IAS. I'll keep this in mind if it seems to be randomly breaking, though.

Thanks for the prompt response.

- Jacob

On 4 Aug 2011, at 15:54, Arran Cudbard-Bell wrote:

> The whole realms/ suffix/ prefix methodology has been obsoleted by Unlang.
>
> If you load up policy.conf in the master branch (use GitHub) there's an
> example of proxying using unlang. Just re-parse the User-Name string each
> time a request comes into one of the Virtual Servers.
>
> Incidentally, been down that route many years ago. I think you're maybe the
> second or third person on the list who's asked about this. Yes it's a
> brilliant way to organise the server. No it won't work out like you want it
> to.
>
> FreeRADIUS does not have unlimited internal proxy hops. So if you have an
> outer listen server, which proxies to another outer server, which
> un-encapsulates EAP and proxies to an inner server, which proxies to another
> inner server, somewhere in that line of proxying you'll hit a random error
> and the request will fail.
>
> I keep poking Alan to fix it, but he says it's hard.
>
> -Arran
>
> Arran Cudbard-Bell
> [email protected]
>
> RADIUS - Half the complexity of Diameter

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

