Hello everybody, I wish you a merry christmas. I have one small question, something I don't understand, and I didn't found any explication nowhere : I have something like this : --- radiusd.conf authorization { ... etc_smbpasswd files ... } --- users DEFAULT Auth-Type != MS-CHAP ..... DEFAULT Auth=Type == MS-CHAP ..... In the debug output of radiusd, I see something like : rlm_passwd: Added LM-Password: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' to config_items rlm_passwd: Added NT-Password: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' to config_items rlm_passwd: Added SMB-Account-CTRL-TEXT: '[UX ]' to config_items rlm_passwd: Adding "Auth-Type = MS-CHAP" That's done before the mod_call to 'files'. However, there's no matched entry in 'users'. What does it mean ? Why is not Auth-Type set to MS-CHAP before to look at 'users' ? Is there a doc somewhere that precisely describes how the server chains things ? But perhaps it's a big secret, a kind of graal that only radius core developpers can touch ? :-) However, a public version could be really helpfull... -- Samuel Degrande LIFL - UMR8022 CNRS - INRIA Futurs - Bat M3 Phone: (33)3.28.77.85.30 USTL - Universite de Lille 1 Fax: (33)3.28.77.85.37 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE [CA certs: http://igc.services.cnrs.fr/CNRS-Standard/recherche.html ]
Samuel Degrande <Samuel.Degrande@lifl.fr> wrote:
--- users
DEFAULT Auth-Type != MS-CHAP ..... DEFAULT Auth=Type == MS-CHAP .....
You can't do that kind of comparison with the "users" file.
Is there a doc somewhere that precisely describes how the server chains things ?
Yes. The "man" pages for the modules, and the doc/ directory contain files describing how the server works. Read them.
But perhaps it's a big secret, a kind of graal that only radius core developpers can touch ? :-) However, a public version could be really helpfull...
When you figure it out, add it to the wiki. Alan DeKok.
What is the procedure of proxy? Even if we proxy any@myproxy.com to a remote server, our radius will still go thru the authorization module listed in authorize of radiusd.conf? Kevin
Never mind. I missed "post_proxy_authorization" in proxy.conf. Thanks, Kevin kevin wrote:
What is the procedure of proxy?
Even if we proxy any@myproxy.com to a remote server, our radius will still go thru the authorization module listed in authorize of radiusd.conf?
Kevin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
Alan DeKok -
kevin -
Samuel Degrande