My question was more of where that configuration should live. I can see that you can do attribute checks in the users file, but I am not sure the realm is being set to any attribute...

I can see in the debug messages:

rad_recv: Access-Request packet from host 127.0.0.1 port 53888, id=132, length=95
    User-Name = "user@realm"
    User-Password = "password!"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0
...
Tue Oct 12 07:38:54 2010 : Info: [IPASS] No '/' in User-Name = " user@realm", looking up realm NULL
Tue Oct 12 07:38:54 2010 : Info: [IPASS] No such realm "NULL"
Tue Oct 12 07:38:54 2010 : Info: ++[IPASS] returns noop
Tue Oct 12 07:38:54 2010 : Info: [suffix] Looking up realm "realm" for User-Name = " user@realm"
Tue Oct 12 07:38:54 2010 : Info: [suffix] No such realm "realm"
Tue Oct 12 07:38:54 2010 : Info: ++[suffix] returns noop

But I never see an attribute being set to the realm. Do I have to explicitly define that somewhere in order to do a check in the users file? Or, is there a better place to do this check (possibly in an IPASS configuration of suffix configuration)?





From: Alan DeKok <aland@deployingradius.com>
Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Date: Tue, 12 Oct 2010 01:08:14 -0400
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Subject: Re: Defining an Auth-Type based on a realm

Mathew Rowley wrote:
> Is there a typical way to set an ‘Auth-Type := Kerberos’ when a user is
> part of a specific realm? For testing purposes, I am able to add this to
> the ‘users’ file:
>
> DEFAULT    Auth-Type := Kerberos
>
> But, will need something based on realm in the future.

  You can do comparisons on the Realm, too.  It's just another attribute.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html