CHECKVAL

Craig Hancock chancock at nd.edu
Fri Jun 24 16:55:01 CEST 2005


Hello All

General question: I have a freeradius system set up where I am
authenticating 2 kinds of users:

1) Authorized users: Authorized users are users who are directly
affiliated with an organization and will be using the system indefinitely.
2) Guest Users: Authorized users who are indirectly affiliated with an
organization and will be using the system for a very short period.

With that said, all my accounts are stored in an LDAP directory and users
are placed into authorized users groups.

The question that I have is that in the users file I want to be able to
have another level of authorization for users based on the NAS-IP-Address
attribute. From reading the archive I understand that I can do this with
checkval. Unfortunately the only reference I have been able to find is an
example based on the default radius.conf file. What is the syntax for
checkval in the sense of having multiple checkval statements? I presume
this would work but unfortunately it doesn't.

checkval {
  item-name = Calling-Station-Id
  check-name = Calling-Station-Id
  data-type = string
  notfound-reject = no
}

checkval {
  item-name = NAS-IP-Address
  check-name = NAS-IP-Address
  data-type = ipaddr
  notfound-reject = yes
}

Unfortunately the first checkval is processed but not the 2nd one. I
think I need to give it an additional name like I would if I had multiple
LDAP directives, i.e. checkval NAS-CHECK.

Am I correct on this, and if so do I have to change the authorize section
and put something like
Autz-Type CHECKVAL {
      checkval NAS-CHECK
}

Lastly, is it possible to construct Autz-Types based on Proxies (Proxies
being done locally)?


Thanks for your assistance.

-- 
******************************************************
Craig T. Hancock
Systems Engineer, Infrastructure Services
Office of Information Technology
University of Notre Dame
******************************************************



