Confused about 'hints' file
Phil Mayers
p.mayers at imperial.ac.uk
Sat Jul 15 12:46:34 CEST 2006
Brenckle, Nicholas wrote:
> I had incorrectly thought that the "Hint ==" portion of the entry in the
> hints file tied to the users file entry with the same "Hint ==" part.
> Sort of a "tie these two things together because they have the same
> name" or something.
No.
To reiterate - hints adds items to the incoming request to make them
look as if they came from the NAS. Most often, the "Hint" item is set to
some kind of service name.
>
> The issue is that I do not see the extra attributes passed from the
> entry in the users file.
The thing below is an incomplete entry, and your problem is still unclear.
>
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> X-Ascend-Data-Filter = "IP IN FORWARD TCP EST",
> X-Ascend-Data-Filter += "IP IN FORWARD 0 DSTIP
> 192.168.100.100/32",
> X-Ascend-Data-Filter += "IP IN DROP TCP DSTPORT = 25",
> X-Ascend-Data-Filter += "IP IN FORWARD 0",
> X-Ascend-Assign-IP-Pool = 0
>
> So if the hints file is not needed to make sure these attributes are
> passed to the authenticating user, what does? The user does pass
> authentication correctly.
The users file. You would normally have:
user1 User-Password := "pass"
Fall-Through = Yes
user2 Auth-Type := Reject
Reply-Message = "This user is banned",
Fall-Through = No
DEFAULT
Service-Type = Framed-User,
Framed-Protocol = PPP,
Other-Attributes = Go-Here
If you have something along these lines and it isn't working, run the
server under debugging mode with the -X argument and post the output.
More information about the Freeradius-Users
mailing list