Markus Moeller wrote: >> if ("%{ldap: stuff... }" == "bar") { >> ... > I didn't know that is possible. Where is this documented ? I thought I > read all FAQ and documentations.
It's not really well documented, because it's not well tested. If it works, great. If not... > The other questions I have is about the AV pairs used. As far as I > understand freeradius uses request, reply, check_tmp, internal only AV > pairs. Is there a document which module uses which for what purpose ? doc/aaa.txt > Is there a process flow diagram somewhere describing how freeradius works ? Nope. > I understand > 1)client -> server sends a request AV pair > 2) server processes first authorisation modules and if fails end ? > 3) server processes authentication modules and if fails end ? > 4) server -> client sends reply AV pair > > What is the use of check(item) AV pairs ? Is it to communicate between > modules ? Among other things. It's for things associated with the request that don't need to go into a packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html