AW: AW: Combining ntlm_auth and mac address verification in freeradius

Langen Mike mike.langen at ofwi.ch
Fri Oct 15 12:13:11 CEST 2010


Hi Phil.

Thank you very much.
That would do for now!

Kind regards

Mike


-----Ursprüngliche Nachricht-----
Von: freeradius-users-bounces+mike.langen=ofwi.ch at lists.freeradius.org [mailto:freeradius-users-bounces+mike.langen=ofwi.ch at lists.freeradius.org] Im Auftrag von Phil Mayers
Gesendet: Freitag, 15. Oktober 2010 12:03
An: freeradius-users at lists.freeradius.org
Betreff: Re: AW: Combining ntlm_auth and mac address verification in freeradius

On 15/10/10 10:13, Langen Mike wrote:
> Hi Phil.
>
> Thank you for your quick answer. That's exactly, what I need. Where
> do you get this information? It's really hard to retrieve usable
> information from wiki.freeradius.org...

Mainly accumulated knowledge.

>
> Is there a good resource for this kind of information? I do have
> difficulties to understand, how freeradius is processing a request
> and where I can hook my own logic into it.

The docs that come with the server cover a lot of this; have a look in 
particular at:

doc/aaa
doc/module_interface
doc/configurable_failover

If these are unclear, please say how, so they can be improved!

FreeRadius is really quite simple in principle; a radius request 
consists of a list of attribute/value pairs. The request is received and 
two more empty lists are created - the "config" and "reply" items. The 
request is passed through the "authorize" section, with each module 
altering the request/config/reply items and perhaps terminating the 
processing.

The request is then passed through the "authenticate" section obeying 
the "Auth-Type" variable in the "config" item. Finally it's passed 
through the "post-auth" section.

FreeRadius 2.x adds "if ()" statements as special modules so the 
processing can be condition (see "man unlang") but it's all just a chain 
of modules under the hood. Very clever & flexible!

If you really want to understand the way it works, there's no substitute 
for slowly, carefully working through some config options, and watching 
the output from "radiusd -X". The best way is:

  1. build/install freeradius
  2. Put the /etc/raddb directory under version control
  3. Run some test authentications using radclient or eapol_test
  4. Commit the working config
  5. Change *one* thing
  6. goto 3 ;o)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list