This clause proxies requests to one or more target RADIUS servers. The
target host is determined by a lookup in an LDAP database. This allows the
easy management of large numbers of downstream radius servers, such as in
a wholesale ISP. It inherits from both LDAP and <AuthBy
RADIUS>.
<AuthBy LDAPRADIUS> runs the SearchFilter
query to determine the details of the target RADIUS server until either an
acknowledgment is received from the target or Num-Hosts is exceeded. This
permits fallback RADIUS servers to be configured.
SearchFilter can be configured to select the target RADIUS server based
on any attribute in the incoming request. The default is the user's Realm,
but other possibilities, such as Called-Station-Id may be more useful for
your organisation.
Tip
There is a sample LDAP schema for OpenLDAP in
goodies/radiator-ldap.schema in your Radiator
distribution. This schema is compatible with the default behaviour of
SearchFilter and HostAttrDef allowing the selection of a target host
primary based on Realm.
Tip
If SearchFilter fails to find any matching LDAP records,
<AuthBy LDAPRADIUS> attempts to proxy according
any
<Host xxxxxx> clauses contained within the
<AuthBy LDAPRADIUS> clause. For more
information, see
Section 3.43.
This permits unknown realms to be proxied to a catchall target server,
such as GoRemote (GRIC) and IPASS.
This clause supports all the common LDAP configuration parameters. For
more information about the LDAP configuration parameters, see
Section 3.9.
<AuthBy LDAPRADIUS> understands also the
same parameters as
<AuthBy xxxxxx>. For more
information, see
Section 3.32.
