Yup, that makes sense. The IPSec stuff requires no reply items at all, just the password check item so the revised reply item list will be blank. Since I'm using an SQL backend it looks as though I'll have to make use of preprocess anyway and not the users file Fall-Through, which I think you were suggesting.
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Alan DeKok > Sent: Tuesday, September 03, 2002 11:12 AM > To: [EMAIL PROTECTED] > Subject: Re: Ignoring reply items > > > "Jason Lixfeld" <[EMAIL PROTECTED]> wrote: > > I have a pretty generic setup where DSL users authenticate > > against my Freeradius system. The entry for each DSL customer has > > rather generic reply items such as Framed-IP-Address, > Framed-IP-Netmask, > > Framed-Protocol and Service-Type. What I want to do is use the same > > username and password check item that authenticates DSL users to > > authenticate an IPSec tunnel. My concern is that the reply items > > normally used to configure the DSL CPE will conflict with the IPSec > > client. What I'm wondering is if it is possible to tell > FreeRadius to > > not send back any reply items if it's an IPSec tunnel (this would be > > determined by huntgroups, most likely). > > I don't think that's what you want. I *think* you want it to send > *different* reply items (even if that reply list is empty). > > Looking at the problem that way should allow you to come up with a > different approach to the problem. So rather than adding garbage > items, and then deleting them, you want to configure it to NOT add > those items in the first place. > > > If the reply items are unique for every user, then this can become > difficult. If the reply items are the same for all users, then it > shouldn't be too hard. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
