Jeremiah Peterson wrote:
> I see that it is possible to create realms and have each realm use a
> different proxy, but what I am more interested in is having the
> authentication method be selected based on client.
>
> For example:
>
> If the request comes from IP 10.10.10.10 and user bob then use
> home_server_pool xxx (and return attribute "blah blah blah")
> If the request comes from IP 10.20.20.20 and user bob then use
> home_server_pool yyy (and return attribute "yadda yadda yadda")
> If the request comes from IP 10.30.30.30 and user bob then use
> home_server_pool zzz (and return results from SQL query "xxxxx")
Most of this can be done via "unlang". It has if/then/else checks,
just like you wrote above. You can even update the control items to
have "Home-Server-Pool := xxx".
> I can see how this is done when making the user enter a realm name or prefix
> or suffix to the username, but I don't want to do that for every
> authentication. I want the authentication method to be selected based on the
> client.
You can select the *source* for authentication credentials. You can't
select the authentication *method*. The client selects that. (PAP,
CHAP, etc.)
> I have been searching for details on all the configuration files but I am not
> finding anything very conclusive or explanatory on how to build custom sites.
It's pretty simple:
if ((Packet-Src-IP-Address == 10.10.10.10) && (User-Name == "bob")) {
update control {
Home-Server-Pool := "xxx"
}
}
You can't edit the reply here, because it's set by the home server.
You'll need to set the reply in post-auth.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
