New User and AD Question
McNutt, Justin M.
McNuttJ at missouri.edu
Tue Mar 1 17:39:50 CET 2011
> this stuff doesnt touch the User-Name - it just looks at it
> and alters the servers proxy choosing behaviour which
> is what makes it useful and powerful.
It's not doing it correctly yet. See previous message.
> the language is 'unlang' - its a built in parser in
> freeradius - making the server very powerful by being able to
> actually put coding logic into the config files....in short
> its brilliant. 'man unlang' for more info
Yup. I've been reading that, but it's a lot to digest in a short amount of time. Working on that.
> > "radiusd -XC" likes it. Hopefully, I'll be able to tell if
> one or both of these schemes works fairly early tomorrow.
> I was going to suggest a session of radiusd -X because in
> the output you can actually SEE the logic decisions
> being made - which really really helps with dealing with
> false/true hits where you might not expect them..
> the old 'why didnt that match?' question gets answered very quickly
I sent a relevant snippet in my last message (unredacted in any way).
The worst part of what I sent just now is that it was no longer attempting EAP. LDAP auth for the "host/blah.blah" will never work, since the computer doesn't have a cleartext password. It's going to have to go through mschap if it's going to succeed. I think. (Feel free to tell me I'm nuts...)
More information about the Freeradius-Users