how to organize groups of users getting access to groups of servers

Tue Mar 25 21:37:57 CET 2014

Jan-Frode Myklebust wrote:
> Is this a variable that you just created here for this purpose, or a
> standard attribute?  I.e. can we add random new attributes here?

  You can out random things in the config file.  The server is flexible
that way.  So long as it parses, it will load, and be usable.

  e.g. put this into the bottom of radiusd.conf, and it will work:

house {
	window = yes
	door = no
	electricity = paid
	rent = 1500

  The server won't care.  It will still work.

> We'd
> probably like to match on more than "type"... At least also on "branch", 
> to give people on branch offices management of their own devices.


> BTW: we're on v2.1.12-4.el6_3 (RHEL6-latest), and the manpage for
> clients.conf doesn't say anything about a "type" or allowing to add new
> variables..

  It doesn't say that, because it's a property of the config files, not
the client section.  There are some corners of the server yet to be

>>   Then use "unlang":
> Thanks! That looks very powerfull!

  It makes all of the difference in the world.  It's simple enough to be
easily understandable, and complex enough to do a lot of useful work.

  Alan DeKok.

