20 Feb
2013
20 Feb
'13
8:23 a.m.
Oliver Warda wrote:
Now, I have the demand to implement RADIUS Proxy also. As I understand MAC Auth is done before RADIUS Proxy.
Yes.
But I do not want to administrate about 5.000 RADIUS Proxy clients in my authorized_macs file (RADIUS Proxy is using 802.1x only).
Is there a way to proxy requests based on realms before checking the MAC address?
Yes. You can check if the User-Name contains an "@" character. If so, proxy. For example: if (User-Name =~ /@/) { suffix if (updated) { handled } } mac-checks... That should stop processing the request as soon as it's marked "to be proxied". Alan DeKok.