Greg Woods wrote: > I can't find any information on groups except for the "chroot" group and > huntgroups, and neither of those appears to be related to what I'm > trying to do. I grepped all the config files and there's no "man 5 > groups". Can you point me to the documentation on groups?
Use *any* kind of groups. Unix groups, groups in SQL, or groups defined on the server. See "man rlm_passwd" for an example. > Since the requests are all generated by the same clients, nothing is > different. What I need is to be able to have certain users proxied to > the s/key back end server, and the rest of them proxied to the default > otp back end server. So whatever I come up with has to be able to key on > the User-Name attribute. See "man rlm_passwd". You will need to put the s/key users int a group, and proxy based on membership in that group. >> Where is that information stored? > > That is what I am trying to figure out. No... where do *you* want to store the information about which user belongs in which group. > Certainly, the User-Name > attribute is coming in as part of the Access-Request packet. I want to > be able to decide, based on the value of that attribute, which realm it > should be proxied to (or if realms isn't the right way to do this, in > some way based only on User-Name I have to be able to proxy to different > back end servers). And where do you want to store that information? > It appears from the comments in the preproxy_users file that this may be > where I should be doing this. But it doesn't work because the authorize > section has previously determined the realm. pre-proxy is done *after* the decision has been made to proxy the request. > Apparently User-Name is immutable. But it doesn't look like I can set > Realm either because that is always determined from User-Name. Catch-22. No. If you don't need the "realms" module, then delete the references to it. That's why the configuration files are editable. You *can* edit them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
