On Tue, May 24, 2005 at 02:00:28PM -0400, Chris Carver wrote:
> Date: Tue, 24 May 2005 14:00:28 -0400
> From: Chris Carver <[EMAIL PROTECTED]>
> Subject: Re: ldap attribute, checkItem, and the users file
>
> Kostas Kalevras wrote:
[snip]
> >The users file will only check attributes in the request, not in the
> >check item list. So the above won't work. You can try using the policy
> >module:
> >
> >if ("%{check:redirectPort80}" == "true") {
> > reply .= {
> > Framed-Route = "0.0.0.0/0 205.247.236.1/32 1"
> > }
> >}
>
>
> Thank you for the reply! The logic I see there should definitely work,
> but I'm still a bit confused. I did some research and I'm having any
> trouble finding mention of the policy module you mention. Although
> doc/variables.txt was very helpful, it doesn't show any use of an if
> statement and I'm not sure in what configuration file(s) such a piece of
> code would be acceptable. Where would I put the lines you mentioned
> above? Sorry if I'm making a silly mistake or overlooking something.
I see there no policy module in freeradius version 1.0.2, but there's
one in CVS HEAD.
Although I wouldn't mind to have a list of "check items" in addition
to request items, config items and reply items. So authorization modules
puts items to be checked into "check items" list and after proccessing
all modules, radius compares "check items" with "request items". What do
you think about this?
Best wishes
--
Alexei Chetroi
Smile... Tomorrow will be worse. (c) Murphy's Law
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
