Informations about Auth-Type section
Geaaru
geaaru at gmail.com
Tue Jun 9 15:43:47 CEST 2015
Ok. Thank you very much for reply.
So, what is the idea for replace AuthType unlang syntax ?
About point 2, in my case it makes sense. I have a use case like this:
NAS --> Freeradius Server --> Radius Target
and on Freeradius Server I do this:
- on pre-proxy check username/password and Reject packet if
username/password are wrong
- on post-proxy if response from Radius Target is Access-Accept assign
an IP address.
It is a strange use case where Freeradius is a proxy with application
logic.
I can do that through sql.authorize + unlang or sql+unlang+python
modules.
I read again "authorize" etc. in v.3.1 thread and I think that a
simplification could be a good idea.
My cent.
Thanks again.
G.
On Tue, 2015-06-09 at 08:08 -0400, Alan DeKok wrote:
> On Jun 9, 2015, at 5:30 AM, Geaaru <geaaru at gmail.com> wrote:
> > 1. Currently, I'm using Auth-Type section for handle CHAP/PAP
> > authentication. If Auth-Type section will be remove how I said to
> > freeradius server to check for PAP or CHAP password ?
>
> We're not stupid. We won't remove the ability to do PAP or CHAP.
>
> > 2. Currently on 3.0 tree Auth-Type is not usable inside pre-proxy
> > or
> > authorize section. Is there a way to handle authentication in proxy
> > process (or in authorize or in pre-proxy section)?
>
> No. Because that doesn't make any sense.
>
> > 3. If I undenstand correctly with 3.1 check if username/password
> > are
> > correct will be handled always in process section also for proxy
> > flow.
> > Is it correct?
>
> No.
>
> Alan DeKok.
>
More information about the Freeradius-Devel
mailing list