> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On 
> Behalf Of Alan DeKok
> Sent: Sunday, February 15, 2004 12:09 PM
> To: [EMAIL PROTECTED]
> Subject: Re: No attributes after proxy autentication 
> 
> "Troy Settle" <[EMAIL PROTECTED]> wrote:
> > After some 4 years, I'm back to looking at freeradius, and 
> while I found
> > the configuration daunting at first, I quickly got it 
> trimmed down to
> > the bare essentials of what I need (which is authorization 
> only).  Great
> > job, the configuration syntax is fairly easy to get once all the
> > commentary and useless crap has been cut out of the config files.
> 
>   It's called "documentation" :)

Yeah, I know, but I'm not sure which is more daunting... Complex software
with no documentation, or copmlex software with as much documentation as
FreeRadius has.  When I'm done with my migration, I think I may look into
contributing on the documentation (which I actually intended to do when this
project first got off the ground 4 years ago).

> 
> > Authentication reqeusts are being successfully proxied out 
> to the master
> > servers (the VISP), but the freeradius server is ignoring 
> the attributes
> > set in the users file (such as static IPs), even though it 
> clearly says
> > it matched.
> 
>   By default, the reply from the home server is taken as the basis for
> the reply to the NAS.  The local attributes are also added.
> 
> >     modcall[post-proxy]: module "attr_filter" returns updated for
> > request 0
> 
>   I would suggest double-checking that configuration.  It's deleting
> the attributes from the home server.

Actually, this is the behavior I want (for now).  I want complete control
over all the attributes myself (static IP assignments, filters, reply
messages, etc).  The only thing I want from the home server, is password
authentication.

> 
> >    authorize: Skipping authorize in post-proxy stage
> 
>   See "post_proxy_uses", to add local attributes to the reply to the
> NAS.

Yup, I changed this back to 'yes' after doing some more digging, and the
desired behavior came back.  I did try to add 'files' to post-proxy, but
apparently 'files' doesn't have a hook for this.  No big deal, as long as
the backwards compatibility stays in.


--
  Troy Settle
  Pulaski Networks
  http://www.psknet.com
  540.994.4254 ~ 866.477.5638


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to