Hey thanks! :)
________________________________
From: Phil Mayers <p.may...@imperial.ac.uk>
To: freeradius-users@lists.freeradius.org
Sent: Thursday, September 1, 2011 10:04 PM
Subject: Re: Proxying Based on Criteria Other Than REALM
On 01/09/11 14:53, det.explo...@yahoo.com wrote:
>> Hi,
>>
>> Is it possible to proxy based on a group the user belongs to? Or
>> attribute? Or based on NAS from where the request was received?
>>
>> Aside from REALM, is there any other criteria that can be used to
>> decide whether or not to proxy a request?
There are two attributes:
1. "Realm"; added to the request by e.g. the "suffix" module. Doesn't actually
do anything; just used for logging.
2. "Proxy-To-Realm"; added to the "control" items by the "suffix" module, or by
other config. This is what actually controls proxying.
So for example you can do this:
authorize {
...
if (NAS-IP-Address == 192.0.2.1) {
update control {
Proxy-To-Realm := OTHERSERVER
}
}
...
}
As you can see, you can therefore proxy on any attribute you like, or even on
the output of a script, SQL query, etc.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
