CHECKVAL
Alan DeKok
aland at ox.org
Fri Jun 24 18:24:20 CEST 2005
Craig Hancock <chancock at nd.edu> wrote:
> Unfortantely the first checkval is processed but not the 2nd one. I
> think I need to give
> it in additional name like I would if I had multiple LDAP directives i.e
> checkval NAS-CHECK.
Yes.
> Am I correct on this and if so do I have to change the authorize section
> and put something like
> Autz-Type CHECKVAL {
> checkval NAS-CHECK
> }
No. You list "NAS-CHECK" in the section, just like you list "checkval".
But you don't need that:
> checkval {
> item-name = NAS-IP-Address
> check-name = NAS-IP-Address
> data-type = ipaddr
> notfound-reject = yes
> }
This can be done in the "users" file:
DEFAULT NAS-IP-Address !* 127.0.0.1, Auth-Type := Reject
> Lastly is it possible to construct Autz-Types based on Proxies (Proxies
> being done locally)
Huh? What do you mean by that?
More information about the Freeradius-Users
mailing list