proxying and unlang

Matt Zagrabelny mzagrabe at d.umn.edu
Fri Feb 14 22:11:04 CET 2020


Hey Alan,

On Fri, Feb 14, 2020 at 3:07 PM Alan DeKok <aland at deployingradius.com> wrote:
>
> On Feb 14, 2020, at 4:04 PM, Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:
> > I have a FR system that performs local auth and then does some extra
> > policy checks (unlang) in post-auth.
>
>   OK.
>
> > I am looking to proxy all my auth to a remote system (not FR), but I'd
> > still like to sanity check if the remote system does not reject the
> > auth.
> >
> > Do folks put policy unlang into post-proxy?
>
>   That's what it's there fore.
>
> > I see from the docs:
> >
> > "Once the post-proxy section has finished executing, any existing attributes in
> > the reply list are
> > discarded, and the post-proxy attributes are copied to the reply list. This
> > behavior allows a home server
> > to define the default reply sent back to the NAS."
> >
> > that the local attributes are discarded. Is there a way to update the
> > reply in post-proxy?
>
>   Yes, just "update reply".  All of the lists are available at all times.

As always, thanks for the speedy and informative response.

Cheers!

-m


More information about the Freeradius-Users mailing list