On 2017-12-14 10:31, Sami Ketola wrote: > >> On 14 Dec 2017, at 8.30, Peter Mogensen <a...@one.com> wrote: >> However... since the proxy use "nopassword", ALL passdb lookups result >> in "success", so the proxy will never report an authentication failure >> to the authpolicy server. > > > Why not authenticate the sessions at the proxy level already? Is there any > reason not to do that?
Yes. Several. This is not a new setup. It's an already well established setup and it's unlikely that authentication can be moved to the proxy. /Peter
