Hi all,

I'm new to RADIUS and currently trying to understand the setup a colleague installed some time ago. We see different login types, e.g. PPP, ARA and callback-PPP. To differentiate between them, my colleague used several LDAP entries for each user.

For example, there are "uid=ppp-user,ou=radius" and "uid=ara-user,ou=radius". Since they share several attributes (contact information, password, etc.), I consider this to be a little bit... unlucky.

Having a good look at the various config files, I stumbled over "hints". If I understand it correctly, I could set something like

DEFAULT        Prefix = "ppp-", Strip-User-Name = Yes
       Hint = "PPP",
       Service-Type = Framed-User,
       Framed-Protocol = PPP

DEFAULT        Prefix = "ara-", Strip-User-Name = Yes
       Hint = "ARA",
       Service-Type = Framed-User,
       Framed-Protocol = ARA

and I could merge my two LDAP-objects? Would be great.

Are there any rules about precedence? For example, radiusAscendSendAuth is currently set to a crypted password for ara-entries but set to "Send-Auth-None" for callback-PPP.

So I'd hope an entry in hints like
DEFAULT        Prefix = "ppp-", Strip-User-Name = Yes
       Hint = "PPP",
       Service-Type = Framed-User,
       Framed-Protocol = PPP,
       ascendSendAuth = Send-Auth-None

DEFAULT        Prefix = "ara-", Strip-User-Name = Yes
       Hint = "ARA",
       Service-Type = Framed-User,
       Framed-Protocol = ARA


would take the crypted value stored in LDAP if there is an "ara-" prefix but would set "Send-Auth-None" for "ppp-"?



-- CU, Patrick.


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
