this stuff doesnt touch the User-Name - it just looks at it and alters the servers proxy choosing behaviour which is what makes it useful and powerful.
It's not doing it correctly yet. See previous message.
the language is 'unlang' - its a built in parser in freeradius - making the server very powerful by being able to actually put coding logic into the config files....in short its brilliant. 'man unlang' for more info
Yup. I've been reading that, but it's a lot to digest in a short amount of time. Working on that.
"radiusd -XC" likes it. Hopefully, I'll be able to tell if one or both of these schemes works fairly early tomorrow.
I was going to suggest a session of radiusd -X because in the output you can actually SEE the logic decisions being made - which really really helps with dealing with false/true hits where you might not expect them.. the old 'why didnt that match?' question gets answered very quickly
I sent a relevant snippet in my last message (unredacted in any way). The worst part of what I sent just now is that it was no longer attempting EAP. LDAP auth for the "host/blah.blah" will never work, since the computer doesn't have a cleartext password. It's going to have to go through mschap if it's going to succeed. I think. (Feel free to tell me I'm nuts...) --J