Problemes with the mystic of freeradius configuration
Alan DeKok
aland at deployingradius.com
Fri Oct 8 16:20:26 CEST 2010
Klaus Ethgen wrote:
> Phil Mayers <p.mayers at imperial.ac.uk> schrieb:
>> Try this:
...
> Doesn't work:
> server probes {
> +- entering group authorize {...}
> ++[ok] returns ok
> ++[handled] returns handled
> } # server probes
The debug log shows that you did *not* try Phil's suggestion.
> I believe that. But I defined a authenticate method: "ok" And I do not
> want freeradius to think that it should do some extra work than that
> what I told them.
Go back and read the default configuration files. The "authenticate"
section is composed of a set of *individual* authentication methods.
You can't just delete them all and expect them to work.
i.e. If you don't understand how the server works, it's not a good
idea to butcher the configuration.
Go back and try Phil's suggestion. It works. Don't put anything else
in the "authorize" section. Don't use an "authenticate" section.
> Hmmm.. I'll try. I want to have all configuration concerning one virtual
> server to be encapsulated within this server. As I read the
> documentation and the examples, that work for some configuration
> settings but not for all.
Exactly. If you want different configurations for a virtual server,
use different configuration files. See raddb/radrelay.conf for an example.
> Well, ok, I will the next time. Principle it is all the same that the
> documentation about freeradius only covers the standard tasks but if you
> need a configuration that is a bit special you are on your own.
Exactly. The server includes documentation on how it works, and what
each configuration option does. It's left to you to figure out how to
translate that into your requirements.
The server does *not* include documentation for how to set up your
environment. We don't know what you want, and there are millions of
possible configurations.
Alan DeKok.
More information about the Freeradius-Users
mailing list