2 Adding new features usually requires adding yet another
3 file. We already have a slew of files in /etc/raddb, it should be
4 possible to fold them into one. From radiusd's point of view that
5 is, by using $INCLUDE statements it would still be possible for
6 the admin to concentrate different things (like huntgroups) in
9 Hints could be done with:
13 transform: Strip-User-Name = Yes
14 check-add: Hint = "PPP",
15 Service-Type = Framed-User,
22 check: NAS-IP-Address = 192.168.2.5
23 check: NAS-IP-Address = 192.168.2.6
24 check: NAS-IP-Address = 192.168.2.7
26 auth: Group = "cistron"
27 check-add: Huntgroup = alphen
30 Normal entry, but with CLID auth instead of passwd
32 username remoterouter {
33 check: Service-Type = Framed-User
34 auth: Calling-Station-Id = "55512345"
35 reply: Framed-IP-Address = 192.168.1.2,
36 Service-Type = Framed-User,
38 exec-program: /usr/local/bin/loggedin
42 Basically the keywords should be:
44 check: all items must match
45 Multiple check statements can be present which
46 will be ORed (entry applies when one matches)
47 If entry doesn't match, the next entry will be tried
48 auth: If check matches, authentication will be done.
49 If authentication fails we don't fall through ever
50 reply: Set the reply message to something
51 reply-add: Add something to the existing reply-message
52 check-add: Add something to the existing check pairs
53 fallthrough: Fall through to the next entry (unless auth failed)
54 transform: rules to change the username. Not quite sure how
56 stage: (auth|acct) to apply at authentication or accounting time