Changing domain for ntlm_auth
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jan 26 12:24:56 CET 2012
On 01/26/2012 09:36 AM, NdK wrote:
> Since it seems I have to do EXACTLY the same mapping both in "default"
> and "inner-tunnel" sites, I saved my "if" chain in unibo.map and used
> $INCLUDE to insert it in both virtual servers, just after the opening
> brace of authorize. Hope it's the correct thing to do :) (even if
> there's a "suspect" preprocess module in 'default' thats smells like a
> candidate...).
You can re-use bits of "unlang" as virtual modules. See "policy.conf".
This is often a bit neater than $INCLUDE.
I do exactly this, for exactly this case (username/realm processing).
>
> Too bad it seems unlang doesn't like :
> if (cond) {
> ...
> } elsif (othercond) {
Well, no.
FreeRADIUS config is basically:
block {
item
item = value
sub-block {
subitem
}
sub-block2 {
subitem2
}
}
"if", "elsif" are just blocks. Blocks need to start on their own line.
The name is intended as a hint here - it's NOT a programming language.
It's a syntax for writing authentication policies and rules, that is a
bit like a language.
> That seems quite a serious limit in the unlang grammar...
That's quite a statement. Can't you just hit "return" after "}"?
More information about the Freeradius-Users
mailing list