Wm. Josiah Erikson wrote:
I'm not sure what the syntax rules for the authorize{} section of the
config files are; I was unable to find any description in the docs of
how one goes about figuring out how to write these conditional
statements. What language is it?
$ man unlang
It seems
Oh. Now I'm embarrassed. Thanks and sorry! :)
-Josiah
Alan DeKok wrote:
# As of 2.0.0, FreeRADIUS supports a simple processing language
# in the authorize, authenticate, accounting, etc. sections.
# See man unlang for details.
Alan DeKok.
-
List
I appear to have gotten this working by adding the following to my
authorize {} section:
if (Realm == localdomain.edu) {
files
ldap
}
Obviously removing the reference to files and ldap from elsewhere in
the authorize section. Then I do LDAP group checking in the users file
like
I see. I can, indeed, remove Auth-Type := LDAP from the users file and
it still works. Cool!
However, the behavior described in the documentation is not what I'm
seeing, and I'm still getting (contrary to what I said in my previous
email) authorization requests not being proxied, even though
Wm. Josiah Erikson wrote:
# Setting Auth-Type = LDAP is ALMOST ALWAYS WRONG. We
# really can't emphasize this enough.
Uh. OK. That's exactly what I'm doing, and it's working :)
Then it works. It's fine.
That message is for the majority of people who force LDAP to be
Hi,
I'm the guy that's trying to kinda duplicate eduroam, if you
remember - I had an outdated server and Alan recommended I update to
v2.0.1, which I have now done.
I've gotten this working (after updating my server and building
freeradius packages for it) - in 2.0.1, when I uncommented
I had to log onto the website to see Alan's reply for some reason (I
think I need to adjust my spam filters) - thanks for that! So I'm
replying to my original message instead of to Alan's.
Alan says proxying does this for me, but in fact it doesn't (in my old
version anyway). proxying seems
Hi,
1. Proxy authorization as well - it's not clear how to do this. Can you?
I'd really just like to forward the entire request elsewhere, before
anything else happens, so I'd like to check the realm FIRST, and not do
anything if it's not a local realm.
yes, thats exactly what you do
Hello all,
We are trying to set up a cross-auth proxy setup between our five
RADIUS servers in different realms at five different institutions, so
that any active student, staff, or faculty from any of our institutions
can go to any of the other institutions and log onto the network. This
9 matches
Mail list logo