Standard & Realm Authentication
Richard J Palmer
richard at merula.net
Mon Feb 1 20:42:24 CET 2021
We have been using FreeRadius for quite a long time to authenticate
PPPoE and L2TP sessions and hotspots. So far everything works.
However I'd like to add an extra function and wondered if you could
provide a pointers,
Generally Users send their username - we look in SQL and return Data
from radreply / ip pools etc. We have no problem there.
On our LNS / LAC Devices we also have a small number of sessions that
we forward to other ISPs. With these we don't have the username - but
forward based on realm
On our LNS We have:
As an alternative the LNS can get this data from Radius - and given
the growing number of LNS devices - rather than keeping the sync up to
date on multiple devices it makes sence to run this as part of the
NOTE this is not a radius proxy - where we pass on the radius request
if it's a matching realm - BUT a radius reply to the LNS telling it to
forward the connection on to the customers LNS.
What I am trying to achieve in FreeRadius is
1) If there's an exact username (as now) continue as now
2) IF there's not a match either run a second SQL which will find the
realm - and return accept. And then pass back the necessary attributes
back to allow the session to forward.
Pretty happy to do most of the work here but some pointers would be
I could I suppose do this by replacing the SQL query with a stored
procedure - but open to any better ideas?
Thanks in advance
More information about the Freeradius-Users