CHECKVAL

Alan DeKok aland at ox.org
Fri Jun 24 18:24:20 CEST 2005


Craig Hancock <chancock at nd.edu> wrote:
> Unfortantely the first checkval is processed but not the 2nd one. I 
> think I need to give
> it in additional name like I would if I had multiple LDAP directives i.e 
> checkval NAS-CHECK.

  Yes.

> Am I correct on this and if so do I have to change the authorize section 
> and put something like
> Autz-Type CHECKVAL {
>       checkval NAS-CHECK
> }

  No.  You list "NAS-CHECK" in the section, just like you list "checkval".

  But you don't need that:

> checkval {
>   item-name = NAS-IP-Address
>   check-name = NAS-IP-Address
>  data-type = ipaddr
>  notfound-reject = yes
> }

  This can be done in the "users" file:

DEFAULT NAS-IP-Address !* 127.0.0.1, Auth-Type := Reject

> Lastly is it possible to construct Autz-Types based on Proxies (Proxies 
> being done locally)

  Huh?  What do you mean by that?




More information about the Freeradius-Users mailing list