Group Authorization Question
Mike Diggins
mike.diggins at mcmaster.ca
Thu Jan 1 20:03:47 CET 2009
On Thu, 1 Jan 2009, tnt at kalik.net wrote:
>> I made a little progress since my last email. I discovered how to return a
>> group name in the Reply-Message attribute, and then parse that on my
>> appliance. I'm wondering though, if I have users with multiple group
>> membership, should I create a string of group names such as
>> "group1,group2, group3" for each user, and return that as the
>> Reply-Message? Is that a sensible way to do it, or is there a better way?
>>
>
> You can also return multiple attributes (with different values) using +=
> operator.

Thanks. I'll try that as well.

On a related note, should the rlm_dbm_parser program be able to convert the
users file (assuming it is the correct syntax) directly? It complains
about the ntlm_auth type.

[root at dradius1 rlm_dbm]# ./rlm_dbm_parser -c -i users -o userdb
/usr/local/src/freeradius-server-2.1.1/src/modules/rlm_dbm/.libs/lt-rlm_dbm_parser:
users[50]: syntax error
Error: Unknown value ntlm_auth for attribute Auth-Type
Record loaded: 0
Lines parsed: 50
Record skiped: 0
Warnings: 0
Errors: 1

My users file contains:

[root at dradius1 rlm_dbm]# cat users | grep -v "^#"
diggins Auth-Type := ntlm_auth
        Reply-Message = "Group=Staff",
        Reply-Message += "Group=Network"

DEFAULT Auth-Type := ntlm_auth

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

-Mike