[rad] Re: SOLVED Re: pseudo-newbie exec scripts and session-time

Sat Jun 13 08:12:49 CEST 2009

Charles Gregory wrote:
> 
> Well, keeping in mind that this is now a philosphical discussion...

  And it's mostly wasted.  The time spent arguing over the documentation
would have been better spent installing 2.x, which has much better
documentation.

> Notice the complete lack of instruction as to WHERE I would use that
> syntax.... Both in the comments AND from you, I might add....

  Yes.  Exactly.

  The various configuration files and modules ("users", or sql) give
examples and documentation as to how to use attributes and values.  The
"exec" module gives an example of how to use the exec module with
attributes and values.

>>  No.  The 2.x documentation describes how it's used, and where it's
>> used.
> 
> What part of "I'm using 1.x" did you not get? If nothing else, this
> statement proves that you were wrong to tell me to look in my 1.x config
> files for the documentation which you now say is only in the 2.x files.

  No... I had NO IDEA what you were trying to do.  Maybe you had seen
the "unlang" examples, and were trying to use something that looks like
them in 1.x.  Or, maybe you finally had decided to upgrade to 2.x, and
had still got the examples wrong.  It's happened before.

> So there again is this "usage" that gives no hint of WHERE it is used.

  The entire server is about received attributes and values, and sending
them back to the NAS.  There are literally dozens of examples in the
default configuration (even in 1.0) showing this.  There are many, many,
documentation files discussing this, even in 1.0.

> Certainly not in the sections of radiusd.conf where the newbie (me)
> would expect commands to go.

  1.0 doesn't have "commands".  It has modules.  All of the
documentation and examples make this clear.  The documentation talks
about "post-auth" processing "modules".  The comments and examples in
radiusd.conf talk about processing "modules".

  There are *ZERO* examples in 1.0 that show using an attribute in a
"post-auth" section.  There is *ZERO* documentation saying it's possible.

> You know, a post-auth command in the
> post-auth section..... I get the feeling that this comment is a holdover
> from some earlier version of FR where the *only* place one could assign
> attributes was in the user file, or something like that, so there was no
> 'need' to define where syntax like that was used.... (shrug)

  There's not need to define where it goes because the OTHER modules
define where it goes.  The "users" file has documentation and examples
for defining attributes.  The "sql" module has documentation and
examples for defining attributes.  The "ldap" module has documentation
and examples for defining attributes.

  Should I go on?

> And so, hopefully after posting all this garbage yet again, and quoting,
> I hope sufficiently, you can see that I *did* read all the comments in
> the config file, and what you THINK is there really is not there.

  I can see that you read some of them.  You don't seemed to have put 2
and 2 together.

  And again, all of this discussion is wasted.  You would have had LESS
WORK to do if you had simply installed 2.1.6, which HAS AN RPM.

  It's YOUR choice to install a version that is YEARS out of date.  It
is DOUBLY your choice after you were told that an updated RPM exists.
It is TRIPLY your choice after you were told that the documentation and
examples were better in 2.x.

  While I admit that 1.0 isn't perfect... the documentation and examples
should have been more than adequate for your needs.

  Alan DeKoks.