Autz-Type examples and parse error
Phil Mayers
p.mayers at imperial.ac.uk
Wed Oct 13 15:56:05 CEST 2010

On 13/10/10 14:40, Harry Hoffman wrote:
> Hi Alan,
>
> Thanks for the help! This works well and lessens the confusion on my
> part.
>
> I do have one question. When using ldap as the authorization module the
> Auth-Type gets set properly to siteone_ldap. But if I try using

That's a feature of the "ldap" module; if it is a "named" module it sets
the Auth-Type to that name (otherwise using "LDAP")

> ntlm_auth then the Auth-Type is not set even though ntlm_auth returns
> OK.

The (confusingly named) "ntlm_auth" module is actually a copy of the
"exec" module which checks PAP requests; it does not have that feature.
You are also using it wrong, by running it in the "authorize" section.
You want something like:

    authorize {
        if (Realm == ...) {
            ldap_siteone
        }
        elsif (Realm == ...) {
            update control {
                Auth-Type := PAP-ntdom
            }
        }
    }
    authenticate {
        Auth-Type ldap_siteone {
            ldap_siteone
        }
        Auth-Type PAP-ntdom {
            ntlm_auth
        }
    }

I guess the other alternative is:

    authorize {
        if (Realm == ...) {
            ldap_siteone
        }
        elsif (Realm == ...) {
            ntlm_auth
            if (ok) {
                update control {
                    Auth-Type := PAP-ntdom
                }
            }
        }
    }

...but maybe it's not really what you should be doing; "authenticate"
should happen after "authorize"