Confused about 'hints' file

Phil Mayers p.mayers at
Sat Jul 15 12:46:34 CEST 2006

Brenckle, Nicholas wrote:
> I had incorrectly thought that the "Hint ==" portion of the entry in the
> hints file tied to the users file entry with the same "Hint ==" part.
> Sort of a "tie these two things together because they have the same
> name" or something.


To reiterate - hints adds items to the incoming request to make them 
look as if they came from the NAS. Most often, the "Hint" item is set to 
some kind of service name.

> The issue is that I do not see the extra attributes passed from the
> entry in the users file.

The thing below is an incomplete entry, and your problem is still unclear.

> 	  Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         X-Ascend-Data-Filter = "IP IN FORWARD TCP EST",
>         X-Ascend-Data-Filter += "IP IN FORWARD 0 DSTIP
>         X-Ascend-Data-Filter += "IP IN DROP TCP DSTPORT = 25",
>         X-Ascend-Data-Filter += "IP IN FORWARD 0",
>         X-Ascend-Assign-IP-Pool = 0
> So if the hints file is not needed to make sure these attributes are
> passed to the authenticating user, what does? The user does pass
> authentication correctly.

The users file. You would normally have:

user1	User-Password := "pass"
	Fall-Through = Yes

user2	Auth-Type := Reject
	Reply-Message = "This user is banned",
	Fall-Through = No

	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Other-Attributes = Go-Here

If you have something along these lines and it isn't working, run the 
server under debugging mode with the -X argument and post the output.

More information about the Freeradius-Users mailing list