Quoting Phil Mayers <[EMAIL PROTECTED]>:
>> > 2) INNER Auth part ensures that the ldap module is only called for the
>> > INNER part of the check...not for everything else. also very very useful
>> > as it stops outer ID junk and debris from being checked.
>>
>> What IS 'the INNER part' (may depend on the answer on my first question
>> above) as opposed to 'the outer'? In context I get the general idea, but
>> the actual definition on INNER and OUTER?
>
> You're getting hung up on the specifics, which is probably my fault for
> giving minimal info; Autz-Type is a general mechanism. Please see
> doc/Autz-Type for more info.
I'm only slightly wiser from reading that... Shouldn't 'eap' and 'mschap'
be in this Authz-Type too then?
----- s n i p ----
authorize {
        preprocess
        auth_log
        chap
        mschap
        digest
        IPASS
        suffix
        realmpercent
        ntdomain
        eap
        files
        Autz-Type INNER {
                ldap
        }
}
----- s n i p ----
What I don't understand is why everything is done so many times! The
'authorize' section is done a whole bunch of times, just to authenticate
ONE user [request].
If I have understood the Authz-Type file correctly (which I'm quite sure
I haven't), I'd put the whole 'authorize' section in an 'Authz-Type' section!
But that can't be right...