'authorize' module
Edgars Klavinskis
edzix19 at inbox.lv
Wed Jun 15 16:36:08 CEST 2005
Alan,
how to do authentication based on attribute checking (attr_compar or
something like this)?
I mean, if I am adding some atributes to config_items via rlm_passwd how
to check those attributes in the authenticate section? User-Password is
only checkd, nothing more. For example, I want to check Framed-Protocol,
and am adding it to config_items. Where does these config_items go to?
How to compare them?
modcall[authorize]: module "edg_pass" returns ok for request 0
rlm_passwd: Added Framed-IP-Address: '2.2.2.6' to reply_items
modcall[authorize]: module "edg_pass_group" returns ok for request 0
rlm_passwd: Added Framed-Protocol: 'PPP' to config_items
rlm_passwd: Added Auth-Type: 'ACCEPT' to config_items
modcall[authorize]: module "edg_check" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type ACCEPT
auth: type "ACCEPT"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
WARNING! Asked to process empty group. Returning reject.
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect: [edgars/edgars] (from client lalala port 2549 cli 1.1.1.2)
Edgars
Alan DeKok wrote:
>Edgars Klavinskis <edzix19 at inbox.lv> wrote:
>
>
>>I have created two rlm_passwd modules. Afterwards, have put them under
>>'authorize' section one by one. Why the deamon is accepting the request
>>depending only on the rlm_passwd file where User-Password is present and
>>ignoring the one which should check NAS-IP-Address and Realm?
>>
>>
>
> Read the debug log.
>
>
>
>>My aim is to make it so that if the last mentioned returns "wrong",
>>the whole request is wrong.
>>
>>
>
> Read doc/configurable_failover
>
> Alan DeKok.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
More information about the Freeradius-Users
mailing list