Geoff Silver <geoff+freeradius@uslinux.net> wrote:
I noticed in the included raddb/proxy.conf file, the post_proxy_authorize option notes that it's "deprecated and will be removed in the future". I'm using that feature right now, so I'd like to find out if there's a better way to handle the authorization step, or else if this option can be left in the code. I *presume* the right way is to add something to post-proxy {},
Yes.
but when I tried to duplicate my authorize section, I get nothing but errors when trying to start radiusd.
Probably because you're trying to reproduce the authorize stage exactly, which isn't necessary.
My authorization step can go in either the pre-proxy or post-proxy section - the important thing is that the proxy server can handle authentication, but I need to use the users file to do authorization. Ideas on how to do this right are appreciated. Thanks.
If you don't say what the errors are, it's a little difficult to help you. My guess: you're putting "preprocess" in "post-proxy". The simplest thing to do is to not do that... Also, the "files" module doesn't have a "post-proxy" section in 1.1.x. It *does* have that in the CVS head. For now, you can probably leave "post_proxy_authorize = yes" Alan DeKok.