I'm looking at using FreeRadius 2.0.1 to merge out old VMPS switches into the radius-based (SQL-backed) MAC auth. For various reasons, the easiest thing for me would be to proxy the VMPS requests as PAP to our existing mac auth servers. The comments in raddb/sites-available/vmps imply that the packets can be proxied, but I'm not seeing that: # VMPS server server vmps { listen { # FIXME: should be .202 for production ipaddr = 192.168.x.y port = 1589 type = vmps } # And the REAL contents. This section is just like the # "post-auth" section of radiusd.conf. In fact, it calls the # "post-auth" component of the modules that are listed here. # But it's called "vmps" to highlight that it's for VMPS. vmps { # we cheat, and proxy to the MACAUTH radius servers update control { Proxy-To-Realm := "MACAUTH" } } post-proxy { # FIXME: log to sql_log actually detail } } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on vmps address 155.198.63.122 port 1589 as server vmps Ready to process requests. VMPS-Packet-Type = VMPS-Join-Request VMPS-Error-Code = VMPS-No-Error VMPS-Sequence-Number = 234881024 VMPS-Client-IP-Address = 155.198.51.130 VMPS-Port-Name = "4 " VMPS-VLAN-Name = "--NONE--" VMPS-Domain-Name = "HOR-PG" VMPS-Unknown = 0x00 VMPS-MAC = 00:1b:24:a1:cf:2e server vmps { Doing VMPS Done VMPS } # server vmps Failed encoding packet: Failed to find VQP-Packet-Type in response packet Finished request 0. Going to the next request Waking up in 0.9 seconds. Waking up in 3.9 seconds. Cleaning up request 0 ID 234881024 with timestamp +1 Ready to process requests. Looking at the source code, it seems the vmps code only runs the post-auth section and doesn't check any control variables, so Proxy-To-Realm is unlikely to work. If this is intentional, could we remove the comments about proxying and pre/post proxy from sites-available/vmps? Is there any reason the code doesn't run: authorize then either post-auth or pre-proxy post-proxy post-auth ?