Confused about 'hints' file

Brenckle, Nicholas NBrenckle at dsl.net
Fri Jul 14 21:49:28 CEST 2006


I had incorrectly thought that the "Hint ==" portion of the entry in the
hints file tied to the users file entry with the same "Hint ==" part.
Sort of a "tie these two things together because they have the same
name" or something.

The issue is that I do not see the extra attributes passed from the
entry in the users file. 

	  Service-Type = Framed-User,
        Framed-Protocol = PPP,
        X-Ascend-Data-Filter = "IP IN FORWARD TCP EST",
        X-Ascend-Data-Filter += "IP IN FORWARD 0 DSTIP
192.168.100.100/32",
        X-Ascend-Data-Filter += "IP IN DROP TCP DSTPORT = 25",
        X-Ascend-Data-Filter += "IP IN FORWARD 0",
        X-Ascend-Assign-IP-Pool = 0
 
So if the hints file is not needed to make sure these attributes are
passed to the authenticating user, what does? The user does pass
authentication correctly.

Thank you,
Nicholas Brenckle

-----Original Message-----

The question was not about "huntgroups", but "hints". hints is used
during preprocess and is a packet mangler: it's the only place where you
can modify and add all the request items at will. It's mostly often just
used to add request items based on the prefix or suffix of the User-Name
attribute for historic reasons, but it's much more powerful than just
that.
The only packets ignored by hints are those without a User-Name
attribute (Acct-Start and -Stop mostly), this limitation is for historic
reasons.

If it works if you don't touch the file, and it doesn't when you do, the
solution is simple: don't touch it.

Greetings,

Stefan Winter

--
Stefan WINTER




More information about the Freeradius-Users mailing list