proxying and unlang

Alan DeKok aland at
Fri Feb 14 22:07:10 CET 2020

On Feb 14, 2020, at 4:04 PM, Matt Zagrabelny <mzagrabe at> wrote:
> I have a FR system that performs local auth and then does some extra
> policy checks (unlang) in post-auth.


> I am looking to proxy all my auth to a remote system (not FR), but I'd
> still like to sanity check if the remote system does not reject the
> auth.
> Do folks put policy unlang into post-proxy?

  That's what it's there for.

> I see from the docs:
> "Once the post-proxy section has finished executing, any existing
> attributes in the reply list are discarded, and the post-proxy
> attributes are copied to the reply list. This behavior allows a home
> server to define the default reply sent back to the NAS."
> that the local attributes are discarded. Is there a way to update the
> reply in post-proxy?

  Yes, just "update reply".  All of the lists are available at all times.

  Alan DeKok.
