Like Auth-Type for authentication method selection, FreeRADIUS also
supports Autz-Type to select between authorization methods. The only
problem is that authorization is the first thing to be called when an
authentication request is handled. As a result, we first have to call the
authorize section without checking for Autz-Type. After that, we check for
Autz-Type and, if it exists, we call the corresponding subsection in the
authorize section. In other words, the authorize section in radiusd.conf
should look like this::

	# whatever other authorize modules here

What happens is that the first time the authorize section is examined, the
suffix, preprocess and files modules are executed. If Autz-Type is set
after that, the server core checks for any matching Autz-Type subsection.
If one is found, it is called. The users file should look something

	DEFAULT Called-Station-Id == "123456789", Autz-Type := Ldap

	DEFAULT Realm == "other.company.com", Autz-Type := SQL

Autz-Type could also be used to select between multiple instances of
a module (i.e. sql or ldap) which have been configured differently. For
example, based on the user realm, different ldap servers (belonging to
different companies) could be queried. If Auth-Type was also set, then we
could do both Authentication and Authorization with the user databases
belonging to other companies. In detail:

	DEFAULT Realm == "customer1", Autz-Type := customer1, Auth-Type := customer1

	DEFAULT Realm == "customer2", Autz-Type := customer2, Auth-Type := customer2
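
A radiusd.conf layout that would match the two users entries above, given as an added example that is not part of the original document. The instance names ``customer1_ldap`` and ``customer2_ldap``, the hostnames and the base DNs are assumptions.

```conf
# Added example, not from the original document. Instance names,
# hostnames and base DNs below are assumptions.
modules {
	# Two differently configured instances of the same ldap module.
	ldap customer1_ldap {
		server = "ldap.customer1.example"
		basedn = "dc=customer1,dc=example"
		# remaining ldap settings for this directory go here
	}
	ldap customer2_ldap {
		server = "ldap.customer2.example"
		basedn = "dc=customer2,dc=example"
		# remaining ldap settings for this directory go here
	}
}

authorize {
	# First pass: these modules run for every request. suffix sets Realm,
	# and files matches the users entries that set Autz-Type and Auth-Type.
	suffix
	preprocess
	files

	# Second pass: only the subsection whose name matches Autz-Type runs.
	Autz-Type customer1 {
		customer1_ldap
	}
	Autz-Type customer2 {
		customer2_ldap
	}
}

authenticate {
	# Selected by the Auth-Type value set in the users file.
	Auth-Type customer1 {
		customer1_ldap
	}
	Auth-Type customer2 {
		customer2_ldap
	}
}
```

A request whose realm matches neither users entry gets no Autz-Type, so neither company's directory is queried for it.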

Apart from Autz-Type, the server also supports the use of
Acct-Type, Session-Type and Post-Auth-Type for the corresponding sections.
The corresponding section names in the radiusd.conf file are the same. So for example:

	DEFAULT Called-Station-Id == "236473", Session-Type := SQL