On Thu, 1 Jan 2009, t...@kalik.net wrote:
I made a little progress since my last email. I discovered how to return a
group name in the Reply-Message attribute, and then parse that on my
appliance. I'm wondering though, if I have users with multiple group
membership, should I create a string of group names such as
"group1,group2, group3" for each user, and return that as the
Reply-Message? Is that a sensible way to do it, or is there a better way?
You can also return multiple attributes (with different values) using +=
operator.
Thanks. I'll try that as well.
On a related note, should the rlm_dbm_parse program be able to convert the
users file (assuming it is the correct syntax) directly? It complains
about the ntlm_auth type.
[r...@dradius1 rlm_dbm]# ./rlm_dbm_parser -c -i users -o userdb
/usr/local/src/freeradius-server-2.1.1/src/modules/rlm_dbm/.libs/lt-rlm_dbm_parser:
users[50]: syntax error
Error: Unknown value ntlm_auth for attribute Auth-Type
Record loaded: 0
Lines parsed: 50
Record skiped: 0
Warnings: 0
Errors: 1
My users file contains:
[r...@dradius1 rlm_dbm]# cat users | grep -v "^#"
diggins Auth-Type := ntlm_auth
Reply-Message = "Group=Staff",
Reply-Message += "Group=Network"
DEFAULT Auth-Type := ntlm_auth
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP
-Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
