RADIUS-Proxy before MAC Auth
Alan DeKok
aland at deployingradius.com
Wed Feb 20 14:23:49 CET 2013
Oliver Warda wrote:
> Now, I have the demand to implement RADIUS Proxy also.
> As I understand MAC Auth is done before RADIUS Proxy.
Yes.
> But I do not want to administrate about 5.000 RADIUS Proxy clients in my
> authorized_macs file (RADIUS Proxy is using 802.1x only).
>
> Is there a way to proxy requests based on realms before checking the MAC
> address?
Yes. You can check if the User-Name contains an "@" character. If
so, proxy. For example:
if (User-Name =~ /@/) {
suffix
if (updated) {
handled
}
}
mac-checks...
That should stop processing the request as soon as it's marked "to be
proxied".
Alan DeKok.
More information about the Freeradius-Users
mailing list