About authorizing only users with specific attributes (post RADIUS proxy)

Alan DeKok aland at deployingradius.com
Wed Jul 26 13:42:15 CEST 2017

On Jul 26, 2017, at 3:04 AM, Seiichirou Hiraoka <seiichirou.hiraoka at gmail.com> wrote:
> I am building RADIUS Proxy with FreeRADIUS 3.0.4.

  Please upgrade to 3.0.15...

> @mydomain.edu -> backendradius.mydomain.com
> All Other domains -> radius.otherdomain.com

  That is easy to configure in proxy.conf.  Set a realm for @mydomain.edu, and then a DEFAULT realm for the rest.  It will just work.

> For mydomain.com only, I would like to authorize users who have a
> specific character string in the RADIUS standard attribute Filter-Id.
> In this case, where should we determine the value of Filter-Id in the
> RADIUS response from backendradius.mydomain.com?

  In the post-auth section.

> Would you please let me know if you have any reference information,
> such as a conditional expression with unlang.

  The configuration files have dozens of examples, and "man unlang" documents it.

	if ((Realm == "a") && (reply:Filter-Id == "b")) {

  Alan DeKok.

More information about the Freeradius-Users mailing list