> this stuff doesnt touch the User-Name - it just looks at it > and alters the servers proxy choosing behaviour which > is what makes it useful and powerful.
It's not doing it correctly yet. See previous message. > the language is 'unlang' - its a built in parser in > freeradius - making the server very powerful by being able to > actually put coding logic into the config files....in short > its brilliant. 'man unlang' for more info Yup. I've been reading that, but it's a lot to digest in a short amount of time. Working on that. > > "radiusd -XC" likes it. Hopefully, I'll be able to tell if > one or both of these schemes works fairly early tomorrow. > > I was going to suggest a session of radiusd -X because in > the output you can actually SEE the logic decisions > being made - which really really helps with dealing with > false/true hits where you might not expect them.. > the old 'why didnt that match?' question gets answered very quickly I sent a relevant snippet in my last message (unredacted in any way). The worst part of what I sent just now is that it was no longer attempting EAP. LDAP auth for the "host/blah.blah" will never work, since the computer doesn't have a cleartext password. It's going to have to go through mschap if it's going to succeed. I think. (Feel free to tell me I'm nuts...) --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html