how to organize groups of users getting access to groups of servers

Alan DeKok aland at deployingradius.com
Tue Mar 25 21:37:57 CET 2014


Jan-Frode Myklebust wrote:
> Is this a variable that you just created here for this purpose, or a
> standard attribute?  I.e. can we add random new attributes here?

  You can out random things in the config file.  The server is flexible
that way.  So long as it parses, it will load, and be usable.

  e.g. put this into the bottom of radiusd.conf, and it will work:

house {
	window = yes
	door = no
	electricity = paid
	rent = 1500
}

  The server won't care.  It will still work.

> We'd
> probably like to match on more than "type"... At least also on "branch", 
> to give people on branch offices management of their own devices.

  Yup.

> BTW: we're on v2.1.12-4.el6_3 (RHEL6-latest), and the manpage for
> clients.conf doesn't say anything about a "type" or allowing to add new
> variables..

  It doesn't say that, because it's a property of the config files, not
the client section.  There are some corners of the server yet to be
documented.

>>   Then use "unlang":
> 
> Thanks! That looks very powerfull!

  It makes all of the difference in the world.  It's simple enough to be
easily understandable, and complex enough to do a lot of useful work.

  Alan DeKok.


More information about the Freeradius-Users mailing list