It works! After I changed the authorize_check_query the FreeRadius is
now able to check for attributes after Kerberos authentications. Thanks!
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 19, 2007 8:13 PM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: Grouping after Kerberos 5 authentication accepted?
Jason Chan wrote:
> For example, Kerberos successfully authenticate admin/admin (yes I
> don't use MySQL for authentication), and FreeRadius knows this user
> has permission to access. Now, in the postauth part, FreeRadius
> searches the radreply table in its MySQL database for the proper
> attributes that this particular user has, say Service-Type =
> Administrative-User. I store these attribute information in radreply
> table and leave other tables empty.
> So, I edited the postauth_query in sql.conf:
I think for historical reasons, you have to perform the query in the
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.446 / Virus Database: 269.5.4/768 - Release Date: 4/19/2007
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html