On Wed, Jun 13, 2012 at 6:01 AM, Diego Matute <dmat...@cyphercor.com> wrote:
>> > 2/ How does Auth-Type get set? I've read a bunch of forum threads and it >> > looks like best practice nowadays is to let the server figure it out and >> > not set it explicitly in /etc/raddb/users, however it isn't being set. >> >> It isn't being set because the default distribution doesn't use rlm_perl. >> >> If you want to *force* usage of rlm_perl, you need to set Auth-Type. >> If you want to let the server just do the right thing, leave everything >> alone. >> > > What is the best practice for this? Should the Auth-Type be set in > /etc/raddb/users, within the module, /etc/raddb/sites-available/*? Why do you want to set Auth-Type? As Alan already said, if you want to let the server just do the right thing, leave everything alone. Meaning, you leave auth-type alone, use rlm_perl to supply user data (e.g. cleartext-password) as needed during authorization, and let the default authentication methods (pap, mschap, etc) does its job. If you force set auth-type, then you're not following best practice. That being said, from within rlm_perl you could probably set the attribute on %RAD_CHECK (or is it %RAD_CONFIG?). If ALL your users will use perl to authenticate then something like the default section on /etc/raddb/users should do. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
