RADIUS-Proxy before MAC Auth

Alan DeKok aland at deployingradius.com
Wed Feb 20 14:23:49 CET 2013


Oliver Warda wrote:
> Now, I have the demand to implement RADIUS Proxy also.
> As I understand MAC Auth is done before RADIUS Proxy.

  Yes.

> But I do not want to administrate about 5.000 RADIUS Proxy clients in my
>  authorized_macs file (RADIUS Proxy is using 802.1x only).
>  
> Is there a way to proxy requests based on realms before checking the MAC
> address?

  Yes.  You can check if the User-Name contains an "@" character.  If
so, proxy.  For example:

	if (User-Name =~ /@/) {
		suffix
		if (updated) {
			handled
		}
	}

	mac-checks...

  That should stop processing the request as soon as it's marked "to be
proxied".

  Alan DeKok.


More information about the Freeradius-Users mailing list