New User and AD Question

McNutt, Justin M. McNuttJ at
Tue Mar 1 17:39:50 CET 2011

> this stuff doesn't touch the User-Name - it just looks at it 
> and alters the server's proxy choosing behaviour which
> is what makes it useful and powerful.

It's not doing it correctly yet.  See previous message.

> the language is 'unlang' - it's a built-in parser in 
> freeradius - making the server very powerful by being able to
> actually put coding logic into the config short 
> it's brilliant.  'man unlang' for more info

Yup.  I've been reading that, but it's a lot to digest in a short amount of time.  Working on that.

> > "radiusd -XC" likes it.  Hopefully, I'll be able to tell if 
> > one or both of these schemes works fairly early tomorrow.
> I was going to suggest a session of radiusd -X because in 
> the output you can actually SEE the logic decisions
> being made - which really really helps with dealing with 
> false/true hits where you might not expect them.
> the old 'why didn't that match?' question gets answered very quickly

I sent a relevant snippet in my last message (unredacted in any way).

The worst part of what I sent just now is that it was no longer attempting EAP.  LDAP auth for the "host/blah.blah" will never work, since the computer doesn't have a cleartext password.  It's going to have to go through mschap if it's going to succeed.  I think.  (Feel free to tell me I'm nuts...)

