RADIUS-Proxy before MAC Auth
Oliver Warda
Oliver.Warda at med.uni-tuebingen.de
Thu Feb 21 10:10:12 CET 2013
> Is there a way to proxy requests based on realms before checking the
MAC
> address?
> Yes. You can check if the User-Name contains an "@" character. If
> so, proxy. For example:
> if (User-Name =~ /@/) {
> suffix
> if (updated) {
> handled
> }
> mac-checks...
> That should stop processing the request as soon as it's marked "to
be
> proxied".
Thank you for this quick reply.
We are using EAP-TLS computer-only authentication and additional MAC
Auth.
Both Common Name of certificates contain "@" characters, like
machine-name at realm-local
machine-name at realm-to-proxy
Is it possible to use the realm instead and should this be placed
within the users file?
e.g.
if (realm =~ /realm-to-proxy/) {
suffix
if (updated) {
handled
}
mac-checks...
Thank you very much for your support.
Oliver
More information about the Freeradius-Users
mailing list