You can't put unlang in the configuration block of the files module... Unlang can only exist in policy.conf and in virtual server files.
-Arran

On Jul 7, 2011, at 2:18 PM, Equin Nix wrote:

> Hi Phil,
>
> thanks a lot for the fast answer! Unfortunately your radius-skills seem to
> be far far from mine, but I think I get the point.
>
> I tried to add the following to sites-enabled/default (in authorize section)
> (It's not a full copy of your text, I wanted to start step by step):
>
> [...]
> #
> # Read the 'users' file
> files {
>     # compare them
>     if (User-Password != control:Cleartext-Password) {
>         reject
>     }
>
>
>     # probably need to set Auth-Type := Accept here
>     update control {
>         Auth-Type := Accept
>     }
> }
> [...]
>
> and freeradius won't start (even if I remove the update control section).
> This is the error:
> [...]
> /etc/freeradius/sites-enabled/default[154]: Subsection of module instance
> call not allowed
> /etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.
>
> Any idea what might cause the trouble? Line 154 is the "if
> (User-Password...." line.
>
> BTW: It is not possible with RegEx?
>
> Best regards from Germany
>
>
>
> 2011/7/7 Phil Mayers <p.may...@imperial.ac.uk>
> On 07/07/11 09:51, Equin Nix wrote:
> Hi,
>
> I am trying to set up something very basic (at least from my point of
> view): I would like to have a User with multiple passwords (two
> actually). How would I do this? I tried the following:
>
> /alice Auth-Type=Local, Cleartext-Password := "test1"
> alice Auth-Type=Local, Cleartext-Password := "test2"/
>
> Do not set Auth-Type. It's almost always wrong, and is certainly wrong in
> this case.
>
>
> It might be possible to have >1 password; but it will probably only work for
> PAP requests, unless you play carefully with module failover.
>
> It also probably won't work in the "users" file; this is because the
> "User-Password" attribute is handled specially here, as a compatibility
> synonym for Cleartext-Password.
>
> You could try something like this - define a second password attribute in
> raddb/dictionary:
>
>
> ATTRIBUTE Cleartext-Password2 3002 string
>
> ...then set both in the "users" file:
>
> alice Cleartext-Password := "foo", Cleartext-Password2 := "bar"
>
> ...then use unlang to perform the comparisons in sites-enabled/default:
>
> authorize {
>
>     ...
>     # read the passwords from "files"
>     files
>     # compare them
>     if ((User-Password != control:Cleartext-Password) && \
>         (User-Password != control:Cleartext-Password2)) {
>         reject
>     }
>
>     # probably need to set Auth-Type := Accept here
>     update control {
>         Auth-Type := Accept
>     }
> }
>
> If you want to do this with requests that aren't PAP e.g. CHAP, MSCHAP/PEAP
> etc. then it will be much harder.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Arran Cudbard-Bell
a.cudba...@freeradius.org

RADIUS - Half the complexity of Diameter