On Mon, 27 Oct 2003, Stephen Fulton wrote:
> At 04:00 PM 20/10/2003 +0300, Kostas wrote:
>
> >Other than the comments in radiusd.conf and 'man 5 regex' none.
>
> That's too bad. Perhaps before 1.0, an effort can be made to improve the
> documentation somewhat?
Yes and no. Usually bug fixes/new features are more important. And you didn't
say anything about where you found the current documentation lacking so...
> No use coding something esoteric, is there?
>
> > > 1. We use "[EMAIL PROTECTED]". If the realm is missing, we will use
> > > attr_write to add it.
> >
> >proxy.conf:
> >
> >realm NULL{
> >[...]
>
> Just so I'm clear on this, let me word my question another way:
>
> In order to ensure that a realm is added to the packet from a particular
> NAS, you suggest I use the proxy.conf NULL function? This seems to go
> against your advice to another earlier this summer:
>
> http://lists.cistron.nl/archives/freeradius-users/2003/07/msg01290.html
>
> If not, where should I place the "autztype Rewrite { ...." function you
> describe? radiusd.conf? Where specifically?
Well you didn't mention that you want it added for a particular NAS now did you?
In any case, yes that post sums it up. The autztype Rewrite "function" should be
added in radiusd.conf in the authorize section. Check out doc/Autz-Type for more
information.
>
>
> > > 2. Since we're AAA'ing using a SQL database, the username needs to be
> > > parsed so that the username and the realm/domain is split. Then those,
> > > plus the password, are checked against the SQL DB.
> >
> >This is done automatically by the realm module.
>
> Again, just so I'm sure I've properly communicated what I want to do, here
> is the situation reworded:
>
> I want to ensure that only clients allowed to use a specific NAS are using
> it. Everyone else is rejected. Can the realm pass on the info needed to
> make the SQL call? Or can I assign (for instance) a NAS to a
> particular group instead?
You can do what you want by using the checkval module. Assign a NAS-IP-Address
check item in the sql profile (by using the := operator) for those users and
check it with checkval. The comments for the checkval module (in
experimental.conf) should make it more clear.
>
> Thanks for your patience,
>
> -- Stephen
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
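
The per-user NAS restriction described in the reply above, modelled in Python as an added example (not code from this thread or from FreeRADIUS). The user table, the function name `nas_check`, the result labels and the `notfound_reject` flag are assumptions made for illustration; the point is the decision for a request that carries no NAS-IP-Address at all.

```python
import ipaddress

# Constructed stand-in for the check items an SQL profile would supply.
# Each entry is (attribute, operator, value); ":=" is the operator
# named in the reply. Addresses are documentation-range samples.
CHECK_ITEMS = {
    "alice": [("NAS-IP-Address", ":=", "192.0.2.10")],
    "bob": [("NAS-IP-Address", ":=", "192.0.2.10"),
            ("NAS-IP-Address", ":=", "192.0.2.20")],
    "carol": [],  # no NAS restriction configured for this user
}


def nas_check(user, request, notfound_reject=False):
    """Return 'ok', 'reject' or 'notfound' for one request (a dict).

    'notfound' means the restriction was not enforced, so whatever
    runs next decides the outcome of the request.
    """
    allowed = [value for (attr, _op, value) in CHECK_ITEMS.get(user, [])
               if attr == "NAS-IP-Address"]
    if not allowed:
        return "notfound"  # nothing to compare against
    raw = request.get("NAS-IP-Address")
    if raw is None:
        # A request without the attribute skips the comparison
        # unless the operator chooses to fail closed.
        return "reject" if notfound_reject else "notfound"
    try:
        nas = ipaddress.ip_address(raw)
    except ValueError:
        return "reject"  # malformed address never matches
    # Compare as addresses, not strings; any listed NAS is accepted.
    if any(nas == ipaddress.ip_address(value) for value in allowed):
        return "ok"
    return "reject"


if __name__ == "__main__":
    for user, req in [("alice", {"NAS-IP-Address": "192.0.2.10"}),
                      ("alice", {"NAS-IP-Address": "192.0.2.20"}),
                      ("alice", {})]:
        print(user, req, nas_check(user, req))
```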