the request, which doesn't help me). The only thing the NAS can do that is "helpful" is send cert auth requests to a different UDP port than regular auth requests.
Perhaps there are new features that can take care of this for you in one place, but if not, you can just run two radiusd instances. One for "oldschool" and one for cert. For example, say your raddb dir is in /etc/raddb now. You would create two subdirs of that directory mkdir /etc/raddb/oldschoool mkdir /etc/raddb/cert and perhaps for logging seperately as well mkdir /var/log/radius/oldschool mkdir /var/log/radius/cert cp all the files from raddb to the two directories. Modify the top of radiusd.conf to point to the new directories for raddbdir, confdir, logdir, etc.. Modify the listen or port arguments to make one listen on 1645 and the other on 1812. Then modify the rest of it, such as the users file, to do what you want for each seperate instance. Then modify your startup script to fire off two instances using the -d option, and make sure you get both instances as well no stop/restarts. eg: /pathto/radiusd -d /etc/raddb/oldschool /pathto/radiusd -d /etc/raddb/cert That will give you two seperate instances. One will be configured to only handle oldschool logins and the other to only handle certs. It will be another port/process you'll have to monitor, but it should give you what you want.