"Also sprach Alan DeKok:" > "Peter T. Breuer" <[EMAIL PROTECTED]> wrote: > > I don't presently know where all this stuff should go, since I have > > only been using the server for 30 mins, and am pleased to be able to > > get it to work and respond! (I tried gnu-radius and gave up in horror). > > Any particular reason why?
The configuration was relatively painful! I actually liked freeradius's config. I had great trouble with gnu-radius. It may be the emacs/vi users divide. > > > If the request packet contains the attributes Service-Type and > > > Framed-Protocol, with the given values, > > > > WHAT "given values"? Only one of them has a "given value" in the > > example above. Framed-Protocol. > > I'm not sure why you would think that. Because the other is in capital letters, called PPP, and does not begin with an "x" or contain a "-", all things which would indicate variables. It looks like a constant. PPP. If it is a variable, then it does not look like one. It's the name of a well known protocol. That's why I think that. OTOH you have things that are obviously field names, because they contain "-". Field names have been used forever as variables. They are pointers to a value - i.e., variables. When you read "Colour-Spectrum" you do not expect it to mean the string "Colour-Spectrum", but instead a vector of real numbers. > > Yecch. I hate bad writing. It's annoying. > > As always, patches are welcome. Well, I'll do my best. > > Etc. Unfortunately, failure to define Value ... the only hint that one > > may use field names as Values is in the examples section. > > The values are up to you. The type of value which is permitted is > defined in the RADIUS RFC's, as each attribute is given a type. See: > > http://www.freeradius.org/rfc/attributes.html Sorry - failed writing. Reference out of immediate context. Use of term before definition, etc. In technical writing one must define every special technical usęge ("jargon") immediately efore its first use. In this case, now I have a little experience, I GUESS: Values on the rhs of an = may be either constants (strings in quotes) or variables (names which have been introduced before that point on the rhs of an ==). Values on the rhs of an == may be either constants (...) or variables (names which have NOT been intrduced before that point on the rhs of an =Æ or appeared in an = ...). However, all my experiments failed to confirm that. What I finally had success with was foo bar =~ "^(.+)" gum = `%{0}` Yay!!!!! Found in doc/variables.* ! > The "field names" you're talking about are also defined in the > RFC's. Tough - if I have to read the rfc why should I read your manual page? You can jolly well define what you are talking about! Writing is about putting yourself in the shoes of your reader and guiding them to a semantic understanding that matches yours. Anything else is arrogance - i.e. a failure to take into account the other person. > So "Framed-Protocol = PPP" is referencing two things: > attribute, and value, both defined in the RFC's. ^ "variable" (not value). ^ respectively. If you are going to start using the term "value" to mean a "variable", then you are going to confuse everyone else in the world. Please stop this private little joke now. The proper linguistic name for the rhs of your "=" sign is a "term", not surprisingly! You seem to allow terms that are either constants (you may call THOSE "values"!) or variables. Well, that the RHS _is_ a variable is not clear to me - what makes it so? The lexical structure of the name (all caps? No "-"?)? Or the fact that it has not yet appeared before on the rhs of a =? Or of a ==? Which? > Things like the proper value for IP addresses, or user names, aren't > defined in any of the documentation, because they're up to you to > determine. You are using the word "value" in some way that I have never seen used before. I think you mean that the values taken by your variables may be anything more or less, and you have set no restrictions beyond something like "it's a string of no more than 256 chars". Yes. Well? Why is that statement of interest? > > No, I got the same response, but I really have no indication of what > > reply is going out or if my new users entry matched anything. How does > > one turn on some sort of debugging of the OUTGOING data? > > $ radiusd -X It doesn't show the reply. All that shows up is: auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [ptb/cacsd1] (from client localhost port 0) Sending Access-Accept of id 10 to 1.2.3.4:4196 Finished request 0 Now - I eventually managed to find out that was because there was NO (extra?) reply data going back. When I fixed the "variable/value" syntax to be that perl -like stuff, I eventually got also: auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [ptb/cacsd1] (from client localhost port 0) Sending Access-Accept of id 10 to 1.2.3.4:4196 ARAP-Security-Data = "eyNIwLdV" Finished request 0 (I restarted) > It's in the FAQ, README, and many other places. I'm sure it is - after all, I got it from somewhere and I definitely read at least those! I was actually using -Xyz at the time of speaking. It doesn't tell you that nothing is going back when there is nothing going back (I think), and I still don't know for sure if there is more it is not showing me. I'm not used to FreeBSD (first tiem in 10 years ..) and I am still struggling with truss. Peter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html