Jarrod Sayers [EMAIL PROTECTED] wrote:
Picture Cisco Aironet 1200's with multiple SSID's, all pointing back
to a single instance of FreeRADIUS. The access point is relying on
the RADIUS reply to determine if the user should be moved to another
SSID and without it, assumes the one they
Yep. I use attrs.pre-proxy and attrs files to do what they say on the tin.
(Strip unwanted pairs pre and post proxy) then I add back in the pairs I want
with rewrite rule and/or module (Module order is important here). For example
this lets me strip Framed-IP-Address and then add one from
An example would be handy :)
Jarrod.
On Mon, 16 Oct 2006, Peter Nixon wrote:
Yep. I use attrs.pre-proxy and attrs files to do what they say on the tin.
(Strip unwanted pairs pre and post proxy) then I add back in the pairs I want
with rewrite rule and/or module (Module order is important
The concept is close, but the effect I need is silently add or replace
these attributes from any proxy reply. While I am slightly concerned
that a realm neighbor would have the power to alter what tunnel group
they land in, I am also concerned about proxy replies that come back
without
This is trivial to do on CVS head (We are using these features in production).
1.1.3 is pretty limited in this regard..
Cheers
Peter
On Sun 15 Oct 2006 15:23, Jarrod Sayers wrote:
The concept is close, but the effect I need is silently add or replace
these attributes from any proxy reply.
Thanks Peter, any tips on how you have done this? I'll look at
upgrading a development box to head today if it means I can resolve
this problem.
Jarrod.
On 16/10/2006, at 12:45 AM, Peter Nixon wrote:
This is trivial to do on CVS head (We are using these features in
production).
1.1.3
Hi,
I have a FreeRADIUS 1.1.2 box which its only job in life is to proxy
requests based on realms, i.e., no local authentication is done. One
of the realms is internal to the organisation (lets call that
internal.org.com.au) and I trust the variables being returned,
however I have no
Seems to me that you need to know which RADIUS box you sent the proxy
request
to and which destinations it is allowed to return. Then, you should
be able to map
any responses which don't match those tuples to proxy-reject with an
error
indicating that the proxy returned nefarious content.
8 matches
Mail list logo