From my mobile. So terse...
if ("%{Called-Station-Id}" =~ /:eduroam$/) {
    update control {
        proxy-to-server = eduroam
    }
}
...or such (there will be some lexical errors above)
Search the mail archives, as there have been similar discussions.
PS it's 'eduroam', NEVER a capital E
alan
--
This smartphone has free WiFi worldwide with eduroam, now that IS smart
----- Reply message -----
From: "Graeme Hamilton" <[email protected]>
Date: Thu, May 24, 2012 15:36
Subject: Proxying multiple times to virtual and external servers
To: "[email protected]"
<[email protected]>
Hello,
I'm configuring FreeRADIUS (2.1.12) for use as part of our Eduroam deployment.
We're using EAP-MSCHAPv2 authentication, so I've got both an outer and inner
virtual server configured and working correctly. Currently, the outer server
configuration (configured as default i.e. without a 'server' stanza) assumes
that connections from our wireless controller clients are only ever
Eduroam-related, and it processes them accordingly - does realm checks, proxy
logic, mandatory logging, etc. This is acceptable for now, since Eduroam is
currently the only wireless service we provide which uses 802.1X authentication.
Ideally, I'd like a generic default virtual server which would process all
authentications initially, but which would act upon the suffix (e.g.
':eduroam') appended to the Called-Station-Id by our wireless controllers to
proxy the request off to another virtual server dedicated to that particular
function, where further actions specific to that purpose can be carried out.
Reading the comments in proxy.conf suggests that it's possible to proxy
requests containing a particular realm off to another virtual server, but that
such requests cannot subsequently be proxied again. This would break Eduroam,
since visitors to our campus need to have their requests proxied off to the
national proxy servers once we've processed them.
Is there any way to achieve this functionality whilst retaining the ability to
proxy requests multiple times, or should I just dedicate the whole FreeRADIUS
instance to Eduroam and use the functionality of our wireless controllers to
direct authentication attempts on specific SSIDs to specific RADIUS server
groups, if and when the need arises?
Regards,
Graeme
Graeme Hamilton
Senior Network Specialist
Information Services
University of Stirling
--
The Sunday Times Scottish University of the Year 2009/2010
The University of Stirling is a charity registered in Scotland,
number SC 011159.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html