dictionary: override attribute type/id mapping
Andriy Gapon
avg at icyb.net.ua
Wed Feb 8 15:34:29 CET 2006
I use freeradius-1.1.0 built from FreeBSD ports on FreeBSD.
There is the following comment in default raddb/dictionary.sample (this
file probably comes from the FreeBSD port):
#
# Place additional attributes or $INCLUDEs here. They will
# over-ride the definitions in the pre-defined dictionaries.
#
But this doesn't seem to be true or, at least, entirely true.
For example, I place the following lines in my raddb/dictionary:
# big all-inclusive freeradius dictionary
$INCLUDE /usr/local/share/freeradius/dictionary
# my local dictionary
$INCLUDE /usr/local/local/dictionary.mine
And dictionary.mine has this content:
#try to override Digest-Response with value from
# draft-ietf-radext-digest-auth-06.txt
ATTRIBUTE Digest-Response 102 string
Then I get the following error on radiusd startup:
$ radiusd -sfxxyz -l stdout
...
Errors reading dictionary: dict_init:
/usr/local/local/dictionary.mine[3]: dict_addattr: Duplicate attribute
name Digest-Response
Errors reading radiusd.conf
Shouldn't I be able to override name->number mapping for attributes ?
How to work around this problem ? Is copying the "all-inclusive"
dictionary and throwing out the following line the only solution ?
ATTRIBUTE Digest-Response 206 string
On a related note - is it a good idea in general to have digest
authentication stuff defined in main dictionary file and
dictionary.freeradius.internal ? Especially given that those definitions
are based on the very old and expired draft and are very unlikely to
become standard. I think that those definitions should be clearly
separated into their own dictionary and they should also somehow be
marked as based on the draft-sterman-aaa-sip-00.txt and conflicting with
the subsequent drafts, including the latest one
(draft-ietf-radext-digest-auth-06.txt).
--
Andriy Gapon
More information about the Freeradius-Users
mailing list