forward authentication, but take reply attributes from local db

Alan DeKok aland at
Wed Apr 15 17:15:26 CEST 2015

On Apr 15, 2015, at 10:57 AM, Vld <ponch at> wrote:
> Lets say i have primary radius server with users in file. And i also
> have secondary one, with the same users (logins and passwords are the
> same). 


> How do i forward/proxy access-request from primary to secondary and in
> case it sends back access-accept to primary - it takes user attributes
> from local database (of primary). No just return to NAS what secondary
> gave me, but rewrite it according to local config.

  You can re-write attributes in the post-proxy stage.  That's what it's for.

  By default, the server uses the reply from the home server as the reply to the NAS.  If you want that changed, you'll need to change configuration.

  Put the reply attributes into the post-proxy section, that should work.

> The main goal of secondary - just either accept or reject user.
> is it even possible?


  Alan DeKok.

More information about the Freeradius-Users mailing list