Defining an Auth-Type based on a realm
Mathew Rowley
mathew_rowley at cable.comcast.com
Tue Oct 12 17:31:39 CEST 2010
Ah, I was misunderstanding the proxy functionality. I thought it was only
used for proxying radius requests to other radius servers.
I was having a problem with configuring the users file. Why will this set
Auth-Type:
DEFAULT Realm == "realm", Auth-Type := Kerberos
And this will not:
DEFAULT Realm == "realm"
Auth-Type := Kerberos
Looking through the examples in the users file, it seems like it should
(assuming the examples work):
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP
From: Alan DeKok <aland at deployingradius.com>
Reply-To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Date: Tue, 12 Oct 2010 10:28:35 -0400
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Defining an Auth-Type based on a realm
Mathew Rowley wrote:
> My question was more of where that configuration should live. I can see
> that you can do attribute checks in the users file, but I am not sure
> the realm is being set to any attribute...
Read the debug output. The realm isn't being set because you didn't
define one.
> Tue Oct 12 07:38:54 2010 : Info: [suffix] Looking up realm "realm" for
> User-Name = " user at realm"
> Tue Oct 12 07:38:54 2010 : Info: [suffix] No such realm "realm"
Well.. that should be pretty obvious.
> But I never see an attribute being set to the realm. Do I have to
> explicitly define that somewhere in order to do a check in the users
> file? Or, is there a better place to do this check (possibly in an IPASS
> configuration of suffix configuration)?
See raddb/proxy.conf for documentation on configuring realms.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101012/72288d31/attachment.html>
More information about the Freeradius-Users
mailing list