post_proxy_authorize option

Alan DeKok aland at
Tue Jul 25 18:03:11 CEST 2006

Geoff Silver <geoff+freeradius at> wrote:
> I noticed in the included raddb/proxy.conf file, the
> post_proxy_authorize option notes that it's "deprecated and will be
> removed in the future".  I'm using that feature right now, so I'd
> like to find out if there's a better way to handle the authorization
> step, or else if this option can be left in the code.  I *presume*
> the right way is to add something to post-proxy {},


>  but when I tried to duplicate my authorize section, I get nothing
> but errors when trying to start radiusd.

  Probably because you're trying to reproduce the authorize stage
exactly, which isn't necessary.

> My authorization step can go in either the pre-proxy or post-proxy
> section - the important thing is that the proxy server can handle
> authentication, but I need to use the users file to do
> authorization.  Ideas on how to do this right are appreciated.
> Thanks.

  If you don't say what the errors are, it's a little difficult to
help you.

  My guess: you're putting "preprocess" in "post-proxy".  The simplest
thing to do is to not do that...

  Also, the "files" module doesn't have a "post-proxy" section in
1.1.x.  It *does* have that in the CVS head.

  For now, you can probably leave "post_proxy_authorize = yes"

  Alan DeKok.

More information about the Freeradius-Users mailing list