Proxy decision based on LDAP lookups and Radius_client match.

Alan DeKok aland at
Tue Nov 1 10:03:36 CET 2011

Frank Skovboel wrote:
> Thank you for your help, it's up and running now, I do have a few follow up questions to try and see if I can make changes to the configuration a bit more simple.
> Is there a way to refer to the client shortname in the sites-enabled/default authorize section, so I only need to have the IP in one place? or even better is there a way I can group clients so I can test on the group in sites-enabled/default authorize section?

  Add fields to the "client" section.

  It's not well known, but the configuration file is a pretty powerful
key-value store.  Anything that is well formatted is accepted, and used
as key/value.  You can then look up those keys at run time.

client foo {
	... normal values ...

	mything = hello

  That *will* be parsed and accepted.

  You can then do:

authorize {
	if ("%{client:mything}" == "hello") {
		... do stuff ...

  This lets you apply arbitrary labels to clients, and to look up those
arbitrary labels at run time.

  Alan DeKok.

More information about the Freeradius-Users mailing list