Defining an Auth-Type based on a realm
Phil Mayers
p.mayers at imperial.ac.uk
Tue Oct 12 17:40:01 CEST 2010
On 12/10/10 16:31, Mathew Rowley wrote:
> Ah, I was misunderstanding the proxy functionality. I thought it was
> only used for proxying radius requests to other radius servers.
>
> I was having a problem with configuring the users file. Why will this
> set Auth-Type:
>
> DEFAULT Realm == "realm", Auth-Type := Kerberos
>
> And this will not:
>
> DEFAULT Realm == "realm"
> Auth-Type := Kerberos
>
>
> Looking through the examples in the users file, it seems like it should
> (assuming the examples work):
> DEFAULT Hint == "SLIP"
> Framed-Protocol = SLIP
No. Read the docs for the "users" file (man users). "users" syntax is:
key [comparison to request list, assignments to control list]
assignments to reply list #1,
assignments to reply list #2,
etc.
Setting "Auth-Type := Kerberos" on the 1st line sets a control item.
Setting it on the 2nd or subsequent lines sets it in the reply items,
where it's meaningless.
More information about the Freeradius-Users
mailing list