Help mixing proxied and non-proxied auth mechanisms

Alan DeKok aland at ox.org
Tue Mar 14 19:38:50 CET 2006


Geoff Silver <geoff+freeradius at uslinux.net> wrote:
> Additionally, none of these folks have (or can have) /etc/passwd accounts on
> this system, so I'm not sure that rlm_passwd will work for me necessarily

  Please read the docs & man page for rlm_passwd.  It does *not* read
/etc/passwd.

> That will work for the simple case I provided, but my users file is actually a
> bit more complicated.  There are multiple NAS-IP-Address and/or Huntgroups
> available, and not all users have access to all of them.  The only thing
> guaranteed is that any user who *has* an entry actually has two, one with a
> Hint==Port-1645 and the other with Hint--Port-1812.

  I suggest writing down the specific situations involved.  Include
inputs and outputs.  That will help drive the design.

  The FreeRADIUS configuration is powerful enugh that you should be
able to map your requirements onto some combination of modules and
config files.

  But *first* write down your requirements.  Failure to do that means
you'll be making endless random changes to the config in the hope that
"maybe this works".

  Alan DeKok.



More information about the Freeradius-Users mailing list