Oliver Warda wrote: > Now, I have the demand to implement RADIUS Proxy also. > As I understand MAC Auth is done before RADIUS Proxy.
Yes. > But I do not want to administrate about 5.000 RADIUS Proxy clients in my > authorized_macs file (RADIUS Proxy is using 802.1x only). > > Is there a way to proxy requests based on realms before checking the MAC > address? Yes. You can check if the User-Name contains an "@" character. If so, proxy. For example: if (User-Name =~ /@/) { suffix if (updated) { handled } } mac-checks... That should stop processing the request as soon as it's marked "to be proxied". Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html