Newbee question

Maria Sanchez Maria.Sanchez at hughes.com
Tue Jun 29 16:35:04 CEST 2010



-----Original Message-----
From: freeradius-users-bounces+maria.sanchez=hughes.com at lists.freeradius.org [mailto:freeradius-users-bounces+maria.sanchez=hughes.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, June 29, 2010 2:09 AM
To: FreeRadius users mailing list
Subject: Re: Newbee question

Maria Sanchez wrote:
>  I am getting familiar with FreeRadius since it is being proposed in the
> designs as our Authentication/Authorization server. I have successfully
> installed and started the server and I have done some calls using the
> radtest client script. I am currently only using the users file to
> create new users since my goal at this time is validating concepts…. I
> am currently trying to assign a Role to one of my users and get that
> value returned to the client. I am still using the radtest client.

  What do you mean by "role" ?

For example an "Admin"  role that indicates to an application  what are the actions the user can perform.

  Is this role for use by a real client, i.e. *not* radclient?
Yes. I have an application that authenticates the user with Radius and then gets the set of roles assigned to this user. With the set of roles the application knows what the user can or cannot do.

  If so, see the client documentation for what attribute to send.



> The only information I found related to configuring roles indicated that
> I had to enter a new attribute in the dictionary file, add the attribute
> in the users file with the value I needed and add the dictionary file as
> a parameter to the radtest (-d directory) to be able to see the
> attribute in the returned message… Well this is not working as
> described… Any idea or reference document I can use to have this
> configured?

  The dictionary file has a "man" page.  The comments at the top of the
dictionary file describe the format, too.

  In general, you need to edit the dictionaries *only* if you're writing
your own RADIUS client (i.e. NAS).  Otherwise, don't touch them.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list