(RADIATOR) Proxy server client id's
Hugh Irvine
hugh at open.com.au
Tue Sep 18 17:54:32 CDT 2001
Hello Griff -
On Wednesday 19 September 2001 00:53, Griff Hamlin, III wrote:
> Hugh,
>
> In setting up my system with a single radiusd process acting as a proxy
> and other radiusd processes doing the authentication, I have found that
> the proxy server always sends the request to the other servers with the
> client being 127.0.0.1 which is the localhost, instead of the actual
> Client-Id of the request which my backline radius server needs to
> determine NasType information for snmp. How can I have the proxy server
> send that information ?
>
The source IP address from the proxy server will always be localhost when it
is sending to itself, by definition.
What I would suggest is using the Proxy-State attribute to carry the NasType
in the proxied requests. Don't forget to strip it out of the reply sent to
the NAS however.
Something like this:
# Proxy all requests, handle none
<Handler>
<AuthBy LOADBALANCE>
FailureBackoffTime 15
Secret mysecret
RetryTimeout 3
Retries 0
AddToRequest Login-IP-Host=%c, \
Proxy-State = %{Client:NasType}
StripFromReply Proxy-State
# Hosts to proxy for
<Host localhost>
AuthPort 1812
AcctPort 1813
</Host>
<Host localhost>
AuthPort 1647
AcctPort 1648
</Host>
<Host localhost>
AuthPort 1649
AcctPort 1650
</Host>
</AuthBy>
</Handler>
You can then use the Proxy-State attribute on the other servers to do
whatever you need to do.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list