Authorisation chaining

Héctor Alberto Ortiz Barrón hector_aob at
Tue Aug 15 14:04:31 CEST 2006

(Hopefully this one will go through)

Hi, I've been playing around with FreeRadius for a bit and was
wondering if it is possible to have an authorisation chain,
something like:
My first Auth method is using certificates, if this method fails,
try to auth using login/passwd with mysql, and if this second method
fails, try using a script of my own, and if this very last method
fails, then reject the client.
By separate parts it works. I have one radiusd.conf file for
certificates, another one for mysql and a last one for my script.
The problem comes when I try to merge those methods. Right now I'm
experimenting with MySQL + MySCRipt, then I provide random
user/passwd in order to cause MySQL auth to fail and to grant access
through my script. MySQL says "user not found", my script says "ok"
and eap says "nope" and rejects.
Is there a way to do this?

Thanks in advance

More information about the Freeradius-Users mailing list