Ok. Thank you very much for reply. So, what is the idea for replace AuthType unlang syntax ? About point 2, in my case it makes sense. I have a use case like this: NAS --> Freeradius Server --> Radius Target and on Freeradius Server I do this: - on pre-proxy check username/password and Reject packet if username/password are wrong - on post-proxy if response from Radius Target is Access-Accept assign an IP address. It is a strange use case where Freeradius is a proxy with application logic. I can do that through sql.authorize + unlang or sql+unlang+python modules. I read again "authorize" etc. in v.3.1 thread and I think that a simplification could be a good idea. My cent. Thanks again. G. On Tue, 2015-06-09 at 08:08 -0400, Alan DeKok wrote:
On Jun 9, 2015, at 5:30 AM, Geaaru <geaaru@gmail.com> wrote:
1. Currently, I'm using Auth-Type section for handle CHAP/PAP authentication. If Auth-Type section will be remove how I said to freeradius server to check for PAP or CHAP password ?
We're not stupid. We won't remove the ability to do PAP or CHAP.
2. Currently on 3.0 tree Auth-Type is not usable inside pre-proxy or authorize section. Is there a way to handle authentication in proxy process (or in authorize or in pre-proxy section)?
No. Because that doesn't make any sense.
3. If I undenstand correctly with 3.1 check if username/password are correct will be handled always in process section also for proxy flow. Is it correct?
No.
Alan DeKok.