Authorization

[Alan DeKok]

Stefan Adams <stefan at borgia.com> wrote:
> I have read all the man pages and /docs and am having a difficult time
> understanding the authorization.  I keep wanting to write
> "if...elseif...else" stuff but I'm pretty sure that doesn't apply to
> FreeRADIUS config files.

  Unfortunately, yes.

> How would I configure the checkval module?  Is it even necessary to use the
> checkval module?  How would I conifgure the users file?  Is the users file
> even necessary?

  I wouldn't configure the checkval module.  Just the "users" module,
something like:

DEFAULT  LDAP-Group == faculty, Called-Station-Id != "faculty", Auth-Type := Reject

DEFAULT  LDAP-Group == students, Called-Station-Id != "students", Auth-Type := Reject

> P.S.  I don't know who to direct compliments to, but the FreeRADIUS code is
> probably the most beautifully structured source code I have ever read.  It
> is SO easy to read and extremely consistent!  It's phenomenal!

  You can thank everyone who contributed so far. :)

  Alan DeKok.