Re: [Help-gnu-radius] About proxying (fwd)

[Maurice Makaay]

Hi,

> And a little addition to previous message... Where do I define, which 
> shared key the local Radius should use with the remote one?

This is done in the clients file.
 
> I don't know if I have understood everything correctly. Is it possible 
> that I do some user-autentication on local Radius-server and forwad only 
> part of the authentication-requests to remote Radius? Can I for example 
> define which users are authenticated by local Radius and which with 
> remote one? And if so, how is this done?

Realms are invented for this kind of stuff. Using realms it's very easy
to forward certain auth requests. If you define a realm for the users which 
should be handled remotely, you can use the realms file to forward the 
authentication requests. Example realms entry:

  whatever      <remoteradiushost>:<authport>:<acctport>        nostrip

If you have this defined in your realms file and you login using the
username address@hidden, the authentication request will be proxied to
the defined remote radiushost. Take a look at the documentation to find
out the exact semantics of the realms file. In the example above, the
realm will not be stripped from the username, so the remote radius server
should be able to process the username including the realm.

Good luck!

-- Maurice Makaay