-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all
In the 'users' file, I have the following lines: DEFAULT Huntgroup-Name == "Security-Devices", LDAP-Group == "group1", Proxy-To-Realm := 'innerradius' Class:="OU=vpngroupa;", Fall-Through = No DEFAULT Huntgroup-Name == "Security-Devices", LDAP-Group == "group2", Proxy-To-Realm := 'innerradius' Class:="OU=vpngroupb;", Fall-Through = No (The Inner Radius server provides the authentication - one time password). The problem is that setting the Class attribute does not happen. Presumably, this is because of the setting "post_proxy_authorize = no" in the file proxy.conf. When post_proxy_authorize is set to "Yes", the Class attribute does get set, but then the 'users' file is traversed twice, which is obviously an overhead, considering that the 'users' file has many other unrelated entries, not just the ones shown here. Also, setting "post_proxy_authorize = yes" is just there for "backwards compatibility", as per the comments in the proxy.conf file, and is not the preferred setting, I presume, in the future. My question then is, how do I set the Class attribute for the various different cases, two examples of which are shown above, if not as I have shown above? Would that be via the post_proxy section? If so, could anyone give me an example of how this could be done? FYR, this is being run on FreeRadius 1.0.1 on Redhat Enterprise Linux 3. Thanks SW -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkPpQ+oACgkQmw4BJyaatJ18GACfYQOFEn8SBhZ4IQYyQYbBBMKD3/4A n23uYwysIQqPu1oWrrp500gbHJ1/ =Svg+ -----END PGP SIGNATURE----- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html