Freeradius, PostgreSQL and One-Time-Password backends

mikoi mika.koivisto at
Fri Jun 12 17:04:53 CEST 2009

The question was "how does freeradius talk to authentication database".
What does it send to it and what does it get back?

I´ll do my best to explain.

Access-Request packet from NAS/AAA-client contains:
User-Password (One-Time-Password)

FreeRadius checks with SQL:
Is user allowed to access through this (NAS-IP-Address)?
Check User-Name / profile. To which server do i proxy authentication

Access-Request packet sent to authentication server (OTP system).
Is User-name/User-Password ok?

Authentication server responds: Access-Accept/Reject.
If Access-Accept. Reply goes to FreeRadius.

FreeRadius checks with SQL. 
What Reply attributes to send to NAS/AAA-client.
IETF (attribute 25, Class). etc..

Does this answer your question?

I need to know if FreeRadius can do the above things and if so how do i
proceed. This is what our ACS does at the moment.


View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list