User Groups within FR

Ben Humpert ben at an3k.de
Tue May 26 18:05:28 CEST 2015


2015-05-25 23:27 GMT+02:00 Alan DeKok <aland at deployingradius.com>:
>
>   It never hurts to be clear.
>
[ ... ]
>
>   Good.  Just making sure...

:-)

>   I'll go update the web site.  I think it's for v2, so it's out of date with respect to v3.
>
>> Are you going to only use the wiki for documentation, manpages, etc.
>> or do you want to keep the website documentation stuff too? If not I
>> guess it's ok if we (users) help improving the wiki ourselves?
>
>   I'm writing tons of documentation:
>
> http://networkradius.com/doc/current/unlang/
>
>   And:
>
> http://networkradius.com/doc/current/unlang/condition.html
>
>   It's correct.  Perhaps incomplete, but correct.  The problem with the Wiki is that it gets edited by random people, and therefore can't be the official "correct" version of the documentation.

I know how time consuming it is so have your software well documented
so that it's easy to read, that others can understand it and that it's
nearly always up-to-date. So currently there are five, well six
locations where documentation is available. freeradius.org website,
freeradius.org wiki, networkradius.com, deployingradius.com, example
config files and manpages. This not only means much more work for you
(since you have to take care about all the sources) but also more
hassle for users to find what they need since they have to search all
these.

I really would like to help you guys with the documentation stuff so
that you have more time answering my questions here ... ehm, actually
I meant to say "bugfixing and improving FreeRADIUS" ;-)

I really like the versioning behind
http://networkradius.com/doc/current/ but I think the easiest way
would be to use the wiki, setting it up as read-only and only grant
"good people" write access. Or grant write access to everybody but
every change not made by "good people" has to be verified before it's
published.

>> I thought having it as an config attribute is fine. I was wrong.
>
>   It should ben but you then have to refer to it as a config item.

How? Based on what I read in the doc it should be %{config:MyCustomAttribute}

Also one last question about the rlm_passwd. The example config for passwd says

>> Field marked as ',' may contain a comma separated list of attributes. <<

I used this in my config but when I check the attribute it contains
"ssid1,ssid2".

/etc/freeradius/mods-enabled/groups
format = "~My-Group-Name:,~My-Called-Station-Ssid:*,User-Name"

/etc/freeradius/mods-config/groups/authorize
Group:ssid1,ssid2:user1,user2,user3

I also tried it without the comma but then the attribute contains
exactly the same. I thought it instructs FR to seperate the entry by
commas and have each as a value for the given attribute.
I also thought that maybe the format ([comma][tilde]<Attribute-Name>)
is wrong because for User-Name it's [asterisk][comma]<Attribute-Name>
but when I tried it, the Attribute isn't set at all so I guess the
complete correct format is [asterisk][comma][tilde | equal
sign]<Attribute-Name>
Anyway, what does the comma actually should do?

Thanks


More information about the Freeradius-Users mailing list