Like Auth-Type for authentication method selection, FreeRADIUS also
supports Autz-Type to select between authorization methods. The only
problem is that authorization is the first thing to be called when an
authentication request is handled. As a result, we first have to call the
authorize section without checking for Autz-Type. After that, we check for
Autz-Type and, if it exists, we call the corresponding subsection in the
authorize section. In other words the authorize section in radiusd.conf

	# whatever other authorize modules here

What happens is that the first time the authorize section is examined, the
suffix, preprocess and files modules are executed. If Autz-Type is set
after that, the server core checks for any matching Autz-Type subsection.
If one is found, it is called. The users file should look something

DEFAULT Called-Station-Id == "123456789", Autz-Type := Ldap

DEFAULT Realm == "other.company.com", Autz-Type := SQL

Autz-Type could also be used to select between multiple instances of
a module (i.e. sql or ldap) which have been configured differently. For
example, based on the user realm, different LDAP servers (belonging to
different companies) could be queried. If Auth-Type was also set, then we
could do both authentication and authorization with the user databases
belonging to other companies. In detail:

radiusd.conf-----------------
-----------------------------

users file-------------------

DEFAULT Realm == "customer1", Autz-Type := customer1, Auth-Type := customer1

DEFAULT Realm == "customer2", Autz-Type := customer2, Auth-Type := customer2

----------------------------
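
A radiusd.conf layout that fits the users file entries above, given as an added example and not as the original listing from this document. The instance names customer1 and customer2 come from the users file; the server names, base DNs and filter are constructed placeholders, and preprocess, files and the realm instance suffix are assumed to be defined as in the stock configuration.

```conf
# Added example. Hostnames and base DNs are constructed placeholders.
modules {
	# Two differently configured instances of the ldap module,
	# one per customer directory. Other module definitions omitted.
	ldap customer1 {
		server = "ldap.customer1.example"
		basedn = "dc=customer1,dc=example"
		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
	}
	ldap customer2 {
		server = "ldap.customer2.example"
		basedn = "dc=customer2,dc=example"
		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
	}
}

authorize {
	# First pass: runs for every request, before Autz-Type is known.
	# suffix sets Realm; files then matches the DEFAULT entries and
	# sets Autz-Type and Auth-Type for that realm.
	preprocess
	suffix
	files

	# Second pass: the server core calls only the subsection whose
	# name matches the Autz-Type set during the first pass.
	Autz-Type customer1 {
		customer1
	}
	Autz-Type customer2 {
		customer2
	}
}

authenticate {
	# Auth-Type selects which ldap instance verifies the password,
	# so a user is only ever checked against their own directory.
	Auth-Type customer1 {
		customer1
	}
	Auth-Type customer2 {
		customer2
	}
}
```

A request whose Realm matches neither DEFAULT entry gets no Autz-Type, so only the first-pass modules run for it.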

Apart from Autz-Type, the server also supports the use of
Acct-Type, Session-Type and Post-Auth-Type for the corresponding sections.
The corresponding section names in the radiusd.conf file are the same. So for example:

DEFAULT Called-Station-Id == "236473", Session-Type := SQL