Dynamic Clients

Kev Pearce email.me at kevp.com
Thu Aug 14 14:04:30 CEST 2014

> If FreeRADIUS could do this, the packet parsing would have to be two-pass - decode without authenticator (because you lack the secret), extract NAS-IP-Address, find client/secret, then validate authenticator / Message-Authenticator, and decide to drop or pass and decrypt encrypted fields.

But doesn't the rlm_raw module provide exactly this? The ability to get to payload attributes then use them to lookup the secret etc in the dynamic-client SQL request?

For the user check nas-ip-address is natively available so the user lookup by nas-ip-address is easy.

I also appreciate that the raw module is not official FR code.



More information about the Freeradius-Users mailing list