+++ /dev/null
-
-Adding new features usually requires adding yet another
-file. We already have a slew of files in /etc/raddb, it should be
-possible to fold them into one. From radiusd's point of view that
-is, by using $INCLUDE statements it would still be possible for
-the admin to concentrate different things (like huntgroups) in
-a seperate file.
-
-Hints could be done with:
-
-user * {
- check: Prefix = "U"
- transform: Strip-User-Name = Yes
- check-add: Hint = "PPP",
- Service-Type = Framed-User,
- Framed-Protocol = PPP
-}
-
-Huntgroups with:
-
-user * {
- check: NAS-IP-Address = 192.168.2.5
- check: NAS-IP-Address = 192.168.2.6
- check: NAS-IP-Address = 192.168.2.7
- auth: Group = "staff"
- auth: Group = "cistron"
- check-add: Huntgroup = alphen
-}
-
-Normal entry, but with CLID auth instead of passwd
-
-username remoterouter {
- check: Service-Type = Framed-User
- auth: Calling-Station-Id = "55512345"
- reply: Framed-IP-Address = 192.168.1.2,
- Service-Type = Framed-User,
- Framed-Protocol = PPP
- exec-program: /usr/local/bin/loggedin
- fallthrough: no
-}
-
-Basically the keywords should be:
-
-check: all items must match
- Multiple check statements can be present which
- will be ORed (entry applies when one matches)
- If entry doesn't match, the next entry will be tried
-auth: If check matches, authentication will be done.
- If authentication fails we don't fall through ever
-reply: Set the reply message to something
-reply-add: Add something to the existing reply-message
-check-add: Add something to the existing check pairs
-fallthrough: Fall through to the next entry (unless auth failed)
-transform: rules to change the username. Not quite sure how
- to do this yet.
-stage: (auth|acct) to apply at authentication or accounting time
-