[Link two authentication requests for Wimax]

[Thomas Fagart]

Thanks for you answer, as I'm not very good to code, I was wondering wether
the following setup could also be a good answer to my question.

I would setup freeradius to do post-auth sql logging for request 1, and
then setup request 2 to authenticate by looking at the post-auth sql tables
in dialup.conf.

Do you think this could work ? (I'll test it anyway, but just would like to
know  if this seems feasible).

Regards

Thomas


>> I would like to know if this is possible to do the following with
>> Freeradius. eg to ask him to have memory.
> 
> Freeradius already keeps replies cached for 5 seconds by default (see
> cleanup_delay in radiusd.conf).
> 
>> Description
>>
>> I've got one authentication request (called request 1) coming from an
ASN
>> GW that will contain the mac adress of the CPE in some attribute.
>> Freeradius will send an access accept.
>> This authentication success will enable the CPE to get connected to the
>> base station. (EAP-TTLS)
>>
>> Then I will have a second authentication request (called request 2)
>> coming
>> from a Broadband Access Server. This equipement will transform DHCP
>> request
>> into a Radius request. This authentication request will also have in
some
>> attributes, the mac addresses of the CPE.
>>
>> Questions
>>
>> Is that possible to configure freeradius to send an authentication
>> success
>> to request 2 only if request 1 has been seen and has been successfully
>> authenticate. (based on the mac address) ?
> 
> Not configure, but you can write a script/module that searches cached
> replies to see if there is one that fits your criteria. Freeradius
> routinely checkes incoming requests to see if same one was processed
> already and if it has sends the reply from the cache without processing
> the (dulicated) request. You can re-use and adapt some of that code for
> your purpose.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html