[Link two authentication requests for Wimax]

Ivan Kalik tnt at kalik.net
Mon Oct 5 15:30:09 CEST 2009


> I would like to know if it is possible to do the following with
> Freeradius, e.g. to ask it to have memory.

Freeradius already keeps replies cached for 5 seconds by default (see
cleanup_delay in radiusd.conf).

> Description
>
> I've got one authentication request (called request 1) coming from an ASN
> GW that will contain the MAC address of the CPE in some attribute.
> Freeradius will send an access accept.
> This authentication success will enable the CPE to get connected to the
> base station. (EAP-TTLS)
>
> Then I will have a second authentication request (called request 2) coming
> from a Broadband Access Server. This equipment will transform a DHCP
> request into a Radius request. This authentication request will also have,
> in some attributes, the MAC addresses of the CPE.
>
> Questions
>
> Is it possible to configure freeradius to send an authentication success
> to request 2 only if request 1 has been seen and has been successfully
> authenticated (based on the MAC address)?

Not configure, but you can write a script/module that searches cached
replies to see if there is one that fits your criteria. Freeradius
routinely checks incoming requests to see if the same one was processed
already and, if it has, sends the reply from the cache without processing
the (duplicated) request. You can re-use and adapt some of that code for
your purpose.

Ivan Kalik
Kalik Informatika ISP
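
The lookup described in the reply above, as an added example that is not part of the original message and is not FreeRADIUS code: a stand-alone Python model of a MAC-keyed cache that lets request 2 through only when request 1 was accepted recently. The class and method names are hypothetical, the 5-second window is an assumption that mirrors the cleanup_delay default mentioned above, and the hook into the server is left out.

```python
import re
import time


class MacAuthCache:
    """Remembers which CPE MAC addresses were recently accepted (request 1)."""

    def __init__(self, window_seconds=5.0, clock=time.monotonic):
        self.window = window_seconds  # assumption: how long request 1 stays usable
        self.clock = clock            # injectable so expiry can be tested
        self._accepted = {}           # normalized MAC -> time of the Access-Accept

    @staticmethod
    def normalize(mac):
        """Map 00-1A-2B-3C-4D-5E, 00:1a:..., 001a.2b3c.4d5e to one form.

        The ASN GW and the BAS may format the same MAC differently, so the
        comparison must not depend on separators or letter case.
        """
        digits = re.sub(r"[-:.]", "", mac.strip())
        if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
            raise ValueError("not a MAC address: %r" % (mac,))
        return digits.lower()

    def record_accept(self, mac):
        """Call when request 1 (EAP-TTLS via the ASN GW) ends in Access-Accept."""
        self._purge()
        self._accepted[self.normalize(mac)] = self.clock()

    def allow_second_request(self, mac):
        """True only if request 1 for this MAC succeeded inside the window."""
        self._purge()
        try:
            key = self.normalize(mac)
        except ValueError:
            return False              # malformed MAC: fail closed
        return key in self._accepted

    def _purge(self):
        """Drop entries older than the window so a stale accept is not reused."""
        cutoff = self.clock() - self.window
        self._accepted = {m: t for m, t in self._accepted.items() if t >= cutoff}
```

The window decides how long after request 1 a request 2 is still honoured; entries that age out are rejected the same way as MACs that were never seen.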



