Time to put this one to bed - 'tis the season and all that. First up: just to clarify that I think FreeRadius is great, that the FreeRadius community is great (usually... ;-) and that Alan's input is, of course, essential and he has done and continues to do lots of great stuff. Of course, neither he nor anyone else should get bogged down by people who ask daft stuff because they don't take time to read the docs. Etc.
>> Despite trying to be constructive and give some input, especially with >> respect to helping out newbies who may not necessarily be UNIX >> programmers or gurus... > and who are often unwilling to read the existing documentation and >source code to see why or how the server works... I agree with you on the docs front. It's a little tricky on the source code front for those of us (myself included) not familiar with that kind of thing in detail... >> ... I got the answer I expected from you: crude, insulting, inaccurate >> and dismissive. Thanks. > <shrug> I get that complaint a lot when I try to educate people. > > Crude? Maybe. One acronym out of 3 messages. > > Insulting? Nonsense. I didn't call you names. No, but the tone and some of the content (e.g 'read the users file') is to someone who's fairly obviously been there, done that... > Inaccurate? Nonsense. I understand the way the server works, and >described it accurately. I actually meant in sense of understanding what I wrote - you obviously know the details of the server itself... > Dismissive? Absolutely. You asked a question which comes up every >month or so on the list. The issues are addressed in the existing >docs and source code, AND in the mailing list archives. Did you look >at them before posting your question? Nope. Actually YES. I read the docs (I always do, repeatedly too). I specifically read and re-read aaa.txt several times (heck, I mentioned that I'd read it!). And NO, I didn't ask a question which comes up every month or so on the list (if I did, which question was that?). I made an observation about something I feel causes people confusion. If is was clearer maybe it wouldn't come up on the list all the time? (Well, we could hope, but then they don't read the docs... ;-) > Now do you understand why my response was dismissive? Actually, no. Not in this case. If I'd just written a one-line message "how to make it work?" with no more detail then yes, feel free to tear me a new one... > The existing documentation is as clear as we know how to make it, >given the time and effort limitations we've had. If it isn't good >enough, suggest patches. I'm not doubting that. We all have time and resource constraints. Hence making a suggestion for discussion and possible improvement. > The only problem is, that the patches must be vetted and approved >before going in. Of course. >You suggested alternative wording, and I disagreed >with it. Sorry, but that happens. That's fine of course. I would add that it appears others agree a little more closely (if not fully) with what I said. Maybe others do too. Maybe others agree with you. Whatever. As long as it's discussed. >> Compare my above 'adhoc' definition with the one below which you agree >> '100%' with: well, I read them basically the same. > I don't. That's the foundation of our miscommunication. Hmmmm. We'll agree to differ, or let the masses decide... ;-) >> Despite the shortcomings of RADIUS (and I'm no expert here by any >> means) the rest of the world seems to agree from what I can >> tell. Why have you changed the meaning of pretty much standard >> terms? > I haven't. The terms have nuances that you're unaware of. I'm >sorry I was trying to educate you as to those nuances, if that >education upset you. You have, in my opinion. If I'm unaware of something, please educate me - that would be by plainly telling me, not looking down on me. >> As for writing my own radius server: a nice practical tip that. Not. > <shrug> It's an obvious way of discovering those nuances for >yourself. A bit like the house building and ore smelting then. I don't want to learn those to that level. Pick your reason: I don't have the time, I don't need to, I have better things to do, Someone else has already done that so why reinvent, etc etc. > It's also a polite way of saying "If you don't understand how >something works, or with the definitions of the terms used, then don't >argue with how it works, or how those terms are defined." I wasn't arguing with how it works. I wouldn't say I was arguing about how the terms were used. I was making an observation and asking 'why', and (assuming my observation held up) was making a suggestion on maybe how to improve something. I must remember to inform M$, Apple, Sun, Adobe, etc etc to stop doing those 'user workshops' and to stop accepting user feedback on their products... [For those that haven't noticed: yep, I'm a Brit - we have sarcasm down to a fine art form perfected over millenia. Don't mess with us... ] >> I would add that if you're 'authorizing' users to use an >> 'authentication' method you're possibly making a mockery of the >> fall-through and default user features. > I don't deny that the authorization stage is overloaded. I've said >that repeatedly here on the list. > But until we have a better alternative, the current method is as >good as it gets. I've read your alternatives, and I disagree with >them. It was hardly an alternative - I was only suggesting as an idea maybe renaming (and maybe splitting into two) a couple the section names in radiusd.conf. Hardly earth-shattering stuff... And you might disagree, but who say's that's right or best? You know what they say about being too close to something. Maybe a fresh look-see from the point-of-view of the average admin is needed. Maybe not. Maybe others on this list have a view (someone already has noted theirs). >> Off the top of my head (admittedly with little thought) how about: >> "answer: the server is bright enough to check each of the methods it has >> available (maybe to some admin-defined criteria or list) to try to >> identify (authenticate) then authorize the user". There. Wasn't hard >> was it? In fact, I think this applies to FreeRadius already. It's just >> a better way of saying it. > That statement confuses me. What of it I understand is wrong. > The server does NOT "check each of the methods it has available for >authentication". It looks at the request, at the local configuration, >and picks ONE authentication method. It does NOT check each >authentication method. Yes, actually I know that. Although when you say 'authentication' maybe I'm talking about 'authorization'. Heh. Maybe that wasn't clear - I was really aluding to the way the admin can select and list their methods and do things like implement fall-through to get certain results. If I put 'sql' then 'files' in the 'authorize' section it checks both yes? (OK, it's getting late here, my mind has gone...) > Yes, I'm being pedantic here. But if the text used to describe how >the server works is wrong, then people will be even MORE confused. Er... isn't that what I was saying in the first place? We agree then... >> > Again, nonsense. Design a RADIUS server, and then see what stages >> >are required. >> >> Thanks for the practical response. I assume you also built your own >> house, grow your own food and smelted the ore and refined the fuel to >> build and run your own car. Oh, and wrote *all* the software on your own >> computer. > No, but I also don't tell the people who built my house that they're >doing it wrong, and that the vocabulary they're using is wrong. Actually, when they built mine I had to tell them they hadn't completed some firebreak work or done the drains right. But that's another tale. And if they'd used another word for 'roof' when 'roof' is fine for the rest of the world then, yes, I would have told them... The people that built my house also weren't working to a pre-release zero-point version. They're just churning out widgets to a pattern. They are also a commercial company, not a 'community'. So a slight difference methinks. And I wasn't telling, only suggesting a possible improvement. It's what open source communities tend to do... > That's what you're doing here, and you're *surprised* that my >response was as polite as it was? I'd expect that kind of response from someone who doesn't know any better, not from a key figure in a widely used open-source solution when faced with a reasonably written (wrong or not) opinion/suggestion/observation. > If my point is crap, tell me and tell me why. > I did, and you got upset. I guess I shouldn't make that mistake >again. Actually: a) you didn't and b) you threw unwarranted attitude at it. And yes, you shouldn't make that mistake again (well, maybe to lame newbies who don't read any docs at all...) > But the terminology is correct. It's the users who are wrong. The users may well be wrong (users often are), but I disagree: FreeRadius' usage of that terminology does not, in my view, match with that statement noted which you '100% agree' with. Others on this list (some at least) obviously think so too to various degrees. I would add that the Oxford English Dictionary now includes 'to boldly go' which, as we all know, isn't correct English either... but everyone knows what it means... > The solution isn't to do a Microsoft, and totally break everything >to make it "work" the way any random uneducated user expects. The >solution is to do it RIGHT, and then to educate the users as to WHY >and HOW it's done right. That's not what I was asking. > This, I believe, is our main point of disagreement. I want to see >it done right. I want to sit on the list and educate people as to how >and why it's done right. You're free to disagree completely with something I didn't say or ask. > You got upset when I tried to educate you, and suggested changing >the terminology to satisfy your expectations. I got upset because you threw attitude to someone who didn't really deserve it and didn't throw any at you to start. In my book, that's out of order. If you read my original post, I was actually suggesting something which may mostly help other (new) users, not really myself. I've got this stuff working. And you have the nerve to query me calling you 'inaccurate'.... > I refused to go along with that suggestion, and will *always* refuse >to go along with any suggestion I disagree with. If you disagree with good reason, then cool. What happens if everyone else thinks different to you? What then? Do you overrule everyone? Is there the slightest bit of democracy in the FreeRadius project? >> Well, that's me put off trying to be helpful to this community... and I >> was desperately trying to find time to update those notes I wrote too... > I'm sorry you're upset that I disagreed with you. I'm not upset you disagreed with me. People agree and disagree with me all day long. I'm upset because of your attitude. Possibly quite rightly too. As someone who's built networks and systems of all sorts for people for over 15 years and read and posted to many many lists, bbs's, forums etc my response to you was probably the single strongest thing I've ever publically posted (by quite a way). And to be honest, you deserved it. Sorry. But that's how I feel today. >I will understand if you refuse to give anything more to the FreeRADIUS >project. No, I don't think you will understand. And 'refuse' is a bit of a harsh word... maybe it's more a case of my time and ideas just getting taken up by other stuff... > But I'll still be on the list, answering questions (including >yours). Actually, I'm usually one of that 'silent majority' who reads the docs and works it out as best they can. There aren't that many posts from me here... >I'll still write more software that you will be free to use. If it works and does a job needing to be done, great! > That's another area where we differ, I guess. Quite the contrary. If I had the time to write software, I'm pretty sure I'd be giving it away too (well, unless I had to work on it 24/7 and needed an income... them kids is expensive...). If I had the time or skill to write a complete manual for FreeRadius I would probably have done it by now, just because I could. The difference is I don't give attitude to those that don't deserve it and who are trying, even if incorrectly, to genuinely help and add input. In any case: as noted, I find FreeRadius great and it works well for us. Thanks for the work you put in to FreeRadius. That I appreciate. Merry Xmas... SB Scott Bartlett e: [EMAIL PROTECTED] e: [EMAIL PROTECTED] --- This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of BTA Ltd. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
