Using multiple auth methods, ports

Dusty Doris freeradius at
Mon Feb 20 04:37:03 CET 2006

> the request, which doesn't help me).  The only thing the NAS can do that is
> "helpful" is send cert auth requests to a different UDP port than regular
> auth requests.

Perhaps there are new features that can take care of this for you in one 
place, but if not, you can just run two radiusd instances.  One for 
"oldschool" and one for cert.

For example, say your raddb dir is in /etc/raddb now.

You would create two subdirs of that directory

mkdir /etc/raddb/oldschoool
mkdir /etc/raddb/cert

and perhaps for logging seperately as well

mkdir /var/log/radius/oldschool
mkdir /var/log/radius/cert

cp all the files from raddb to the two directories.

Modify the top of radiusd.conf to point to the new directories for 
raddbdir, confdir, logdir, etc..  Modify the listen or port arguments 
to make one listen on 1645 and the other on 1812.

Then modify the rest of it, such as the users file, to do what you want 
for each seperate instance.

Then modify your startup script to fire off two instances using the -d 
option, and make sure you get both instances as well no stop/restarts.


/pathto/radiusd -d /etc/raddb/oldschool
/pathto/radiusd -d /etc/raddb/cert

That will give you two seperate instances.  One will be configured to only 
handle oldschool logins and the other to only handle certs.  It will be 
another port/process you'll have to monitor, but it should give you what 
you want.

More information about the Freeradius-Users mailing list