Hello All

General question: I have a freeradius system set up where I am authenticating
2 kinds of users

1) Authorized users: Authorized users are users who are directly affiliated with
an organization and will be using the system indefinitely.
2) Guest Users: Authorized users who are indirectly affiliated with an organization and will be
using the system for a very short period.

With that said, all my accounts are stored in an LDAP directory and users are placed into
authorized users groups.

The question that I have is that in the users file I want to be able to have another level of authorization for users based on the NAS-IP-Address attribute. From reading the archive I understand that I can do this with checkval. Unfortunately the only reference I have been able to find is an example based on the default radius.conf file. What is the syntax for checkval in the sense of having multiple checkval statements? I presume this would
work but unfortunately it doesn't.

checkval {
  item-name = Calling-Station-Id
  check-name = Calling-Station-Id
  data-type = string
  notfound-reject = no
}

checkval {
  item-name = NAS-IP-Address
  check-name = NAS-IP-Address
  data-type = ipaddr
  notfound-reject = yes
}

Unfortunately the first checkval is processed but not the 2nd one. I think I need to give it an additional name like I would if I had multiple LDAP directives, i.e. checkval NAS-CHECK.

Am I correct on this, and if so do I have to change the authorize section and put something like
Autz-Type CHECKVAL {
      checkval NAS-CHECK
}

Lastly, is it possible to construct Autz-Types based on Proxies (Proxies being done locally)?


Thanks for your assistance.


--
******************************************************
Craig T. Hancock
Systems Engineer, Infrastructure Services
Office of Information Technology
University of Notre Dame
******************************************************
