Hello everybody, I'm using FR 2.1.12 on CentOS 6.3 802.1x and MAC Auth as described in WiKi is working fine. Authentication is done local Now, I have the demand to implement RADIUS Proxy also. As I understand MAC Auth is done before RADIUS Proxy. But I do not want to administrate about 5.000 RADIUS Proxy clients in my authorized_macs file (RADIUS Proxy is using 802.1x only). Is there a way to proxy requests based on realms before checking the MAC address? In my testing I couldn't realize RADIUS Proxy without keeping the MAC in authorized_macs file. Appreciate your help. Thank you in advance. Freundliche Grüße Oliver Warda Universitätsklinikum Tübingen Geschäftsbereich Informationstechnologie Geissweg 11 72076 Tübingen Telefon: +49 (0)7071 29 85604 E-Mail: oliver.warda@med.uni-tuebingen.de
Oliver Warda wrote:
Now, I have the demand to implement RADIUS Proxy also. As I understand MAC Auth is done before RADIUS Proxy.
Yes.
But I do not want to administrate about 5.000 RADIUS Proxy clients in my authorized_macs file (RADIUS Proxy is using 802.1x only).
Is there a way to proxy requests based on realms before checking the MAC address?
Yes. You can check if the User-Name contains an "@" character. If so, proxy. For example: if (User-Name =~ /@/) { suffix if (updated) { handled } } mac-checks... That should stop processing the request as soon as it's marked "to be proxied". Alan DeKok.
participants (2)
-
Alan DeKok -
Oliver Warda