Hello Alan,

It works! After I changed the authorize_check_query the FreeRadius is
now able to check for attributes after Kerberos authentications. Thanks!

Regards,
Jason

-----Original Message-----
From: Alan DeKok [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 19, 2007 8:13 PM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: Grouping after Kerberos 5 authentication accepted?


Jason Chan wrote:
> For example, Kerberos successfully authenticate admin/admin (yes I 
> don't use MySQL for authentication), and FreeRadius knows this user 
> has permission to access. Now, in the postauth part, FreeRadius 
> searches the radreply table in its MySQL database for the proper 
> attributes that this particular user has, say Service-Type = 
> Administrative-User. I store these attribute information in radreply 
> table and leave other tables empty.
> 
> So, I edited the postauth_query in sql.conf:

  I think for historical reasons, you have to perform the query in the
authorize section.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog


-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.5.4/768 - Release Date: 4/19/2007
5:32 AM


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to