Informations about Auth-Type section

Geaaru geaaru at
Tue Jun 9 15:43:47 CEST 2015

Ok. Thank you very much for reply.

So, what is the idea for replace AuthType unlang syntax ?

About point 2, in my case it makes sense. I have a use case like this:

NAS --> Freeradius Server --> Radius Target

and on Freeradius Server I do this:

- on pre-proxy check username/password and Reject packet if
username/password are wrong

- on post-proxy if response from Radius Target is Access-Accept assign
an IP address.

It is a strange use case where Freeradius is a proxy with application

I can do that through sql.authorize + unlang or sql+unlang+python

I read again "authorize" etc. in v.3.1 thread and I think that a
simplification could be a good idea.

My cent.

Thanks again.

On Tue, 2015-06-09 at 08:08 -0400, Alan DeKok wrote:
> On Jun 9, 2015, at 5:30 AM, Geaaru <geaaru at> wrote:
> > 1. Currently, I'm using Auth-Type section for handle CHAP/PAP
> > authentication. If Auth-Type section will be remove how I said to
> > freeradius server to check for PAP or CHAP password ?
>   We're not stupid.  We won't remove the ability to do PAP or CHAP.
> > 2. Currently on 3.0 tree Auth-Type is not usable inside pre-proxy 
> > or
> > authorize section. Is there a way to handle authentication in proxy
> > process (or in authorize or in pre-proxy section)?
>   No.  Because that doesn't make any sense.
> > 3. If I undenstand correctly with 3.1 check if username/password 
> > are
> > correct will be handled always in process section also for proxy 
> > flow.
> > Is it correct?
>   No.
>   Alan DeKok.

More information about the Freeradius-Devel mailing list