post_proxy_authorize option
Alan DeKok
aland at nitros9.org
Tue Jul 25 18:03:11 CEST 2006
Geoff Silver <geoff+freeradius at uslinux.net> wrote:
> I noticed in the included raddb/proxy.conf file, the
> post_proxy_authorize option notes that it's "deprecated and will be
> removed in the future". I'm using that feature right now, so I'd
> like to find out if there's a better way to handle the authorization
> step, or else if this option can be left in the code. I *presume*
> the right way is to add something to post-proxy {},
Yes.
> but when I tried to duplicate my authorize section, I get nothing
> but errors when trying to start radiusd.
Probably because you're trying to reproduce the authorize stage
exactly, which isn't necessary.
> My authorization step can go in either the pre-proxy or post-proxy
> section - the important thing is that the proxy server can handle
> authentication, but I need to use the users file to do
> authorization. Ideas on how to do this right are appreciated.
> Thanks.
If you don't say what the errors are, it's a little difficult to
help you.
My guess: you're putting "preprocess" in "post-proxy". The simplest
thing to do is to not do that...
Also, the "files" module doesn't have a "post-proxy" section in
1.1.x. It *does* have that in the CVS head.
For now, you can probably leave "post_proxy_authorize = yes"
Alan DeKok.
More information about the Freeradius-Users
mailing list