Auth-Type in authorize users' file

Alan DeKok aland at deployingradius.com
Wed Feb 25 15:42:47 CET 2015


On Feb 25, 2015, at 3:13 AM, Angel L. Mateo <amateo at um.es> wrote:
> 	Meanwhile, I've been looking for information. According to http://deployingradius.com/documents/configuration/auth_type.html (Common misuses section), Auth-Type main use is to force the user to be accepted or rejected, but Auth-Type should not be used. In the doc modules/ldap_howto.rst.gz doesn't use this too.

  It *recommends* to not force Auth-Type.  Because forcing it is almost always wrong.

> 	According to this, I'm trying to remove the Auth-Type = LDAP on the users' file. But now the user is rejected and freeradius debug shows:
> 
> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
> 
> 	So, what is the correct way to configure?

  For you, set Auth-Type to LDAP.

  If it works… do it.  Otherwise, don’t.  The recommendation comes because some people are dead set on using it.  Then, they complain that “it doesn’t work”.  Sometimes it’s easier to just say “don’t do that”, instead of giving explanations those people don’t read.

  Alan DeKok.




More information about the Freeradius-Users mailing list