proxying and unlang
Matt Zagrabelny
mzagrabe at d.umn.edu
Fri Feb 14 22:04:15 CET 2020
Greetings,
I have a FR system that performs local auth and then does some extra
policy checks (unlang) in post-auth.
I am looking to proxy all my auth to a remote system (not FR), but I'd
still like to sanity check if the remote system does not reject the
auth.
Do folks put policy unlang into post-proxy?
I see from the docs:
"Once the post-proxy section has finished executing, any existing attributes in
the reply list are
discarded, and the post-proxy attributes are copied to the reply list. This
behavior allows a home server
to define the default reply sent back to the NAS."
that the local attributes are discarded. Is there a way to update the
reply in post-proxy?
For instance, this is a snippet of my current post-auth:
post-auth {
if (User-Name == "foo") {
update reply {
Reply-Message := "bar"
}
reject
}
}
Thanks for any hints!
-m
More information about the Freeradius-Users
mailing list