I've been doing some research and it seems like there has been a lot of talk about radsec and some movement on the IETF standardization front, but I'm unclear about the state of radsec within the freeradius codebase. I've downloaded the current master source as of a few days ago and successfully compiled it on CentOS 6.2 64bit. Everything seems to work save some EAP stuff that I'm not using and was able to disable around, but I can't figure out if the radsec is there and not documented or if it isn't in there at all. I'm asking because I have a specific use-case that is somewhat similar to how edu-roam is doing that I want to implement and was hoping someone can steer me in the right direction. I'm looking to implement a multi-tier radius hierarchy to deploy centralized user logins to managed network devices in a number of my managed IT customers (I'm the service provider). What I want to accomplish is something similar to: (pardon the ASCII Visio) [NAS (Typically Cisco Router/Switch)] --Standard Radius Auth--> [Onsite FreeRadius as proxy/realm selector] --Standard Radius Auth--> @customer.domain [Customer's Server (typically MS IAS/NPS) Or --TCP/TLS Radius Auth--> @service_provider.domain [Internet facing FreeRadius] --Standard Radius Auth or LDAP--> [Our backend user database (currently AD)] Right now our solution is to implement the same hierarchy but to use standard UDP radius over SSH/socat tunnels for the onsite to off-site communication. A radsec solution would be cleaner and probably more reliable. So my questions are: -Is the radsec code included in the mainline git repo? -If not, where do I get it? -If so, does anyone have any quick and dirty doc somewhere or a working example? -Am I nuts for even trying this? Jason Rohm Communications Architect SRC Technologies Inc.