Split authorization / authentication
Alan DeKok
aland at deployingradius.com
Wed Jun 13 15:48:47 CEST 2012
Emmanuel BILLOT wrote:
> What module should i use to send MAC adresses to another radius server,
> and getting back ok/nok before testing EAP ?
That WILL NOT work. The server cannot proxy and also authenticate users.
This is what a database is for. Put the MAC addresses into a
database, and query that during the authorization phase.
> Using unlang yes, but what directive should i use ? Proxy cannot be one
> because MAC adresse has no suffix.
If you're just going to proxy requests, you can proxy them anywhere
you want, based on any criteria. Just set Proxy-To-Realm, using the
realm name.
The default is to proxy via domain suffixes. But other methods can
also be used. There is no requirement for suffixes to be the *only*
method of proxying.
Alan DeKok.
More information about the Freeradius-Users
mailing list