Virtual-Server attribute matching in users file.
Matthew Schumacher
matt.s at aptalaska.net
Tue Apr 15 22:10:12 CEST 2008
Alan DeKok wrote:
> Matthew Schumacher wrote:
>> I see that there is a Virtual-Server internal attribute so I thought I
>> could do something like this:
>>
>> DEFAULT Virtual-Server == 'dsl'
> ...
>> DEFAULT Virtual-Server == 'dialup'
>
> Why? The whole point of virtual servers is that you shouldn't have to
> do such comparisons.
I've been doing it this way for a long time to get around the lack of
virtual servers. I've been setting the autz|auth|sess type based on
what I get from the NAS-Identifier. Now that virtual servers are
supported, your right, I don't need this anymore.
>
> It looks like you're pointing *multiple* virtual servers at the same
> "users" file. Don't do that...
>
> modules {
> files dsl_files {
> usersfile = ...dsl_users
> ...
> }
> files dialup_files {
> usersfile = ...dialup_users
> ...
> }
> }
That makes sense, I put it in and it works perfectly.
> Fix the config as above, and then post full debug. Please.
No need, it's working great now that I'm using a separate user file for
each virtual server.
>> Also, I'm noticing that the server returns attributes even when the
>> access request is rejected. Anyone know why that is?
>
> Because that's what you've configured. See attr_filter.access_reject
> for a module that filters the contents of Access-Reject.
>
Your right, I had the attr_filter module commented out because I remove
everything thing I don't think I need, and I didn't think I needed it.
Overall, there are a few changes in 2.x that where different enough that
it took a little head scratching, but now that it's up and running it
makes much more sense. 2.x solves a bunch of problems I was having. In
fact I was getting ready to run a split radius system when I found 2.x
and the new virtual server feature.
Thanks,
schu
More information about the Freeradius-Users
mailing list