Defining an Auth-Type based on a realm
mathew_rowley at cable.comcast.com
Tue Oct 12 15:45:08 CEST 2010
My question was more of where that configuration should live. I can see that
you can do attribute checks in the users file, but I am not sure the realm
is being set to any attribute...
I can see in the debug messages:
rad_recv: Access-Request packet from host 127.0.0.1 port 53888, id=132,
User-Name = "user at realm"
User-Password = "password!"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Tue Oct 12 07:38:54 2010 : Info: [IPASS] No '/' in User-Name = "
user at realm", looking up realm NULL
Tue Oct 12 07:38:54 2010 : Info: [IPASS] No such realm "NULL"
Tue Oct 12 07:38:54 2010 : Info: ++[IPASS] returns noop
Tue Oct 12 07:38:54 2010 : Info: [suffix] Looking up realm "realm" for
User-Name = " user at realm"
Tue Oct 12 07:38:54 2010 : Info: [suffix] No such realm "realm"
Tue Oct 12 07:38:54 2010 : Info: ++[suffix] returns noop
But I never see an attribute being set to the realm. Do I have to explicitly
define that somewhere in order to do a check in the users file? Or, is there
a better place to do this check (possibly in an IPASS configuration of
From: Alan DeKok <aland at deployingradius.com>
Reply-To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Date: Tue, 12 Oct 2010 01:08:14 -0400
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Defining an Auth-Type based on a realm
Mathew Rowley wrote:
> Is there a typical way to set an Auth-Type := Kerberos¹ when a user is
> part of a specific realm? For testing purposes, I am able to add this to
> the users¹ file:
> DEFAULT Auth-Type := Kerberos
> But, will need something based on realm in the future.
You can do comparisons on the Realm, too. It's just another attribute.
List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users