Second stage authrization with proxy

Matthew Newton matthew at
Tue May 30 21:14:58 CEST 2017

On Tue, May 30, 2017 at 11:07:03AM +0200, Gianluca BaĆ¹ wrote:
> i would like to forward authorization requests to another Freeradius server
> if the user is not present in the local one.


> authorize {
>    ......
> if (!notfound) {

That's if "not notfound" - you probably want if (notfound) {

>                 update control {
>                         Proxy-To-Realm := "newrealm"
>                 }
>         }
>     ......
> }
> For me this condition is never matched.

Did you leave the logic as above? Where did you put it in the

As "notfound" is relevant to the previous module that was called,
location matters. e.g. if you're using ldap, put it after your
ldap call, not at the end of the authorize{} section after pap.

> May you help me please? Do you need other technical details?

Well the full output of radiusd -X means we have some sort of
clue as to what is actually going on.


More information about the Freeradius-Users mailing list