Le Jeudi 6 Février 2003 15:40, Alan DeKok a écrit : > > +----+-----------+-------------------+-------+------+ > > > > | 6 | internix | No-Such-Attribute | | := | > > What the heck is that line for?
It's an ugly kludge done because some people here found « counter-intuitive » that groups would either disappear (in our custom Web interface) when there weren't any more attributes in them, or either refuse to drop the last item. So, since they're customers, and I didn't want to take the time to explain them the problem, I just throwed this attribute (which doesn't seem to be sent back to the NASes, even though scouring the code didn't learn me what purpose it really has) and made it invisible from the interface. Now, the customer can have his empty groups (I _know_ that's dumb) and I can have them off my shoulders at the price of a terrible technical solution. Sad :-( > That won't work, unfortunately. The '!=' check for Auth-Type isn't > supported. Ah. > That means pass the users through 'files', and then ALSO through > 'suffix'. > > The 'Fall-Through = Yes' attribute works ONLY inside of the 'users' > file, and doesn't affect the handling of the 'authorize' section. Not in SQL tables ? OK, I dropped it. > What you want to do here is read 'doc/configurable_failover', which > allows you to set up fail-over of fall-through between different > modules in 'authorize' All right. *It works !* This configuration seems to do what I wanted : authorize { redundant { sql notfound = 1 ok = return } files suffix } with users containing : DEFAULT Service-Type == Call-Check, Auth-Type := Accept DEFAULT Proxy-To-Realm := "alien" (all += changed to :=, per Chris' message, and to avoid the remote chance something could supersede them). OK, one last question (much less important) : I would want to change the attributes sent back from the proxy server. I thus dutifully installed CVS20030205, added a post-proxy { } section at the end of radiusd.conf, and proceeded to add some attr_rewrite sections : attr_rewrite ascendmaxchanns { attribute = Ascend-Maximum-Channels searchin = reply searchfor = "" replacewith = "1" ignore_case = no new_attribute = yes max_matches = 1 append = no } attr_rewrite setcompression { attribute = Framed-Compression searchin = reply searchfor = "" replacewith = "Van-Jacobson-TCP-IP" ignore_case = no new_attribute = yes max_matches = 1 append = no } and in the section : post-proxy { ascendmaxchanns setcompression } They work right, but not that one : attr_rewrite randomipaddr { attribute = Framed-IP-Address searchin = reply searchfor = "255.255.255.254" replacewith = "194.79.150.%{expr: %{NAS-Port-Id} + 195}" ignore_case = no new_attribute = no max_matches = 1 append = no } Or rather, it works... If I set new_attribute to yes. However, I'm then left with two conflicting Framed-IP-Address attributes. With new_attribute set to no, it just says that : rlm_attr_rewrite: Could not find value pair for attribute Framed-IP-Address modcall[post-proxy]: module "randomipaddr" returns noop Huh ? But he *should* have found that value, I'm pretty sure the upstream RADIUS sends one back... Anyway, thanks to everyone who helped me solve this proxy problem. Very nice of you, people :-) Cheers, -- [ Jacques Caruso <[EMAIL PROTECTED]> Développeur PHP ] [ Monaco Internet http://monaco-internet.mc/ ] [ Tél : (+377) 93 10 00 43 Clé PGP : 0x41F5C63D ] [ -+- Support bacteria! They're the only culture some people have. -+- ] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html