FreeRADIUS 3.0.1 [Proxy To Another Radius if Reject Received]

Alan DeKok aland at deployingradius.com
Mon Jul 11 15:07:01 CEST 2016


On Jul 11, 2016, at 7:52 AM, Ibrahim Almahfooz via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> The purpose behind that is as you said the secondary DB is not allowed to
> be accessed by the first FR and vice versa. In addition to that, the
> secondary radius should not be facing our BRAS network for security
> reasons.

  My simple answer is "don't do that".  Your design is wrong.

  There is no security gained by hiding RADIUS 2 from the BRAS, or by hiding database 2 from RADIUS 1.

  Alan DeKok.




More information about the Freeradius-Users mailing list