+Autz-Type
+=========
+
Like Auth-Type for authentication method selection freeradius also
supports the Autz-Type to select between authorization methods. The only
problem is that authorization is the first thing to be called when an
authorize section without checking for Autz-Type. After that we check for
Autz-Type and if it exists we call the corresponding subsection in the
authorize section. In other words the authorize section in radiusd.conf
-should look like this:
-
-
-authorize{
- suffix
- preprocess
- # whatever other authorize modules here
- Autz-Type Ldap{
- ldap
- }
- Autz-Type SQL{
- sql
- }
- files
-}
+should look like this::
+
+ authorize{
+ suffix
+ preprocess
+ # whatever other authorize modules here
+ Autz-Type Ldap{
+ ldap
+ }
+ Autz-Type SQL{
+ sql
+ }
+ files
+ }
What happens is that the first time the authorize section is examined the
suffix, preprocess and files modules are executed. If Autz-Type is set
after that the server core checks for any matching Autz-Type subsection.
If one is found it is called. The users file should look something
-like this:
+like this::
-DEFAULT Called-Station-Id == "123456789", Autz-Type := Ldap
-
-DEFAULT Realm == "other.company.com", Autz-Type := SQL
+ DEFAULT Called-Station-Id == "123456789", Autz-Type := Ldap
+
+ DEFAULT Realm == "other.company.com", Autz-Type := SQL
Autz-Type could also be used to select between multiple instances of
a module (ie sql or ldap) which have been configured differently. For
could do both Authentication and Authorization with the user databases
belonging to other companies. In detail:
-radiusd.conf-----------------
-
-authenticate{
- Auth-Type customer1{
- ldap1
- }
- Auth-Type customer2{
- ldap2
- }
-}
-
-authorize{
- preprocess
- suffix
- Autz-Type customer1{
- ldap1
- }
- Autz-Type customer2{
- ldap2
- }
- files
-}
-
------------------------------
-
-users file-------------------
-
-DEFAULT Realm == "customer1", Autz-Type := customer1, Auth-Type := customer1
-
-DEFAULT Realm == "customer2", Autz-Type := customer2, Auth-Type := customer2
+radiusd.conf::
+
+ authenticate{
+ Auth-Type customer1{
+ ldap1
+ }
+ Auth-Type customer2{
+ ldap2
+ }
+ }
+
+ authorize{
+ preprocess
+ suffix
+ Autz-Type customer1{
+ ldap1
+ }
+ Autz-Type customer2{
+ ldap2
+ }
+ files
+ }
+
+The users file::
+
+ DEFAULT Realm == "customer1", Autz-Type := customer1, Auth-Type := customer1
+
+ DEFAULT Realm == "customer2", Autz-Type := customer2, Auth-Type := customer2
-----------------------------
Apart from Autz-Type the server also supports the use of
Acct-Type, Session-Type and Post-Auth-Type for the corresponding sections.
The corresponding section names in the radiusd.conf file are the same. So for example:
-users file---
+users file::
-DEFAULT Called-Station-Id == "236473", Session-Type := SQL
+ DEFAULT Called-Station-Id == "236473", Session-Type := SQL
-radiusd.conf---
+radiusd.conf::
-session {
- radutmp
- Session-Type SQL {
- sql
- }
-}
+ session {
+ radutmp
+ Session-Type SQL {
+ sql
+ }
+ }
+FreeRADIUS for EAP under CygWin
+===============================
+
From: "Philip Blow" <philipb@simplywireless.com.au>
To: <freeradius-users@lists.cistron.nl>
Date: Wed, 29 Jan 2003 15:23:45 +1100
on Windows XP with EAP/TLS support.
Configuring FreeRADIUS for EAP under CygWin.
+--------------------------------------------
+
+#. Installing CygWin
+
+ Install the latest version of CygWin (at time of writing 1.3.19-1) from http://www.cygwin.com
+
+#. Install the following packages (make as minimum list)
+
+ +--------------------+-----------------+
+ | Package | Version |
+ +====================+=================+
+ | _update-info-dir | 00126-1 |
+ +--------------------+-----------------+
+ | ash | 20020731-1 |
+ +--------------------+-----------------+
+ | autoconf | 2.54-1 |
+ +--------------------+-----------------+
+ | autoconf-devel | 2.57-1 |
+ +--------------------+-----------------+
+ | autoconf-stable | 2.13-4 |
+ +--------------------+-----------------+
+ | automake | 1.7.1-1 |
+ +--------------------+-----------------+
+ | automake-devel | 1.7.2-1 |
+ +--------------------+-----------------+
+ | automake-stable | 1.4p5-5 |
+ +--------------------+-----------------+
+ | base-files | 1.1-1 |
+ +--------------------+-----------------+
+ | base-passwd | 1.0-1 |
+ +--------------------+-----------------+
+ | bash | 2.05b-8 |
+ +--------------------+-----------------+
+ | bc | 1.06-1 |
+ +--------------------+-----------------+
+ | binutils | 20021117-1 |
+ +--------------------+-----------------+
+ | byacc | 1.9-1 |
+ +--------------------+-----------------+
+ | bzip2 | 1.0.2-2 |
+ +--------------------+-----------------+
+ | crypt | 1.0-1 |
+ +--------------------+-----------------+
+ | cygrunsrv | 0.95-1 |
+ +--------------------+-----------------+
+ | cygutils | 1.1.3-1 |
+ +--------------------+-----------------+
+ | cygwin | 1.3.19-1 |
+ +--------------------+-----------------+
+ | cygwin-doc | 1.3-2 |
+ +--------------------+-----------------+
+ | diff | 1.0-1 |
+ +--------------------+-----------------+
+ | diffutils | 2.8.1-1 |
+ +--------------------+-----------------+
+ | ed | 0.2-1 |
+ +--------------------+-----------------+
+ | file | 3.37-1 |
+ +--------------------+-----------------+
+ | fileutils | 4.1-1 |
+ +--------------------+-----------------+
+ | findutils | 4.1.7-4 |
+ +--------------------+-----------------+
+ | gawk | 3.1.1-5 |
+ +--------------------+-----------------+
+ | gcc | 3.2-3 |
+ +--------------------+-----------------+
+ | gcc-mingw | 20020817-5 |
+ +--------------------+-----------------+
+ | gcc2 | 2.95.3-10 |
+ +--------------------+-----------------+
+ | gdb | 20021218-1 |
+ +--------------------+-----------------+
+ | gdbm | 1.8.0-4 |
+ +--------------------+-----------------+
+ | gettext | 0.11.5-1 |
+ +--------------------+-----------------+
+ | grep | 2.5-1 |
+ +--------------------+-----------------+
+ | groff | 1.18.1-2 |
+ +--------------------+-----------------+
+ | gzip | 1.3.3-4 |
+ +--------------------+-----------------+
+ | inetutils | 1.3.2-20 |
+ +--------------------+-----------------+
+ | initscripts | 0.9-1 |
+ +--------------------+-----------------+
+ | less | 378-1 |
+ +--------------------+-----------------+
+ | libbz2_0 | 1.0.2-1 |
+ +--------------------+-----------------+
+ | libbz2_1 | 1.0.2-2 |
+ +--------------------+-----------------+
+ | libiconv2 | 1.8-2 |
+ +--------------------+-----------------+
+ | libintl | 0.10.38-3 |
+ +--------------------+-----------------+
+ | libintl1 | 0.10.40-1 |
+ +--------------------+-----------------+
+ | libintl2 | 0.11.5-1 |
+ +--------------------+-----------------+
+ | libltdl3 | 20030103-1 |
+ +--------------------+-----------------+
+ | libncurses5 | 5.2-1 |
+ +--------------------+-----------------+
+ | libncurses6 | 5.2-8 |
+ +--------------------+-----------------+
+ | libpng10 | 1.0.14-2 |
+ +--------------------+-----------------+
+ | libpng12 | 1.2.4-2 |
+ +--------------------+-----------------+
+ | libpopt0 | 1.6.4-4 |
+ +--------------------+-----------------+
+ | libreadline4 | 4.1-2 |
+ +--------------------+-----------------+
+ | libreadline5 | 4.3-2 |
+ +--------------------+-----------------+
+ | libtool | 20020202a-1 |
+ +--------------------+-----------------+
+ | libtool-devel | 20021227-1 |
+ +--------------------+-----------------+
+ | libtool-stable | 1.4.2-2 |
+ +--------------------+-----------------+
+ | libxml2 | 2.4.23-1 |
+ +--------------------+-----------------+
+ | login | 1.7-1 |
+ +--------------------+-----------------+
+ | m4 | 1.4-1 |
+ +--------------------+-----------------+
+ | make | 3.79.1-7 |
+ +--------------------+-----------------+
+ | man | 1.5j-1 |
+ +--------------------+-----------------+
+ | mingw-runtime | 2.3-1 |
+ +--------------------+-----------------+
+ | mktemp | 1.4-1 |
+ +--------------------+-----------------+
+ | more | 2.11o-1 |
+ +--------------------+-----------------+
+ | nasm | 0.98.35-1 |
+ +--------------------+-----------------+
+ | ncurses | 5.2-8 |
+ +--------------------+-----------------+
+ | newlib-man | 20020801 |
+ +--------------------+-----------------+
+ | openssh | 3.5p1-3 |
+ +--------------------+-----------------+
+ | openssl | 0.9.7-1 |
+ +--------------------+-----------------+
+ | openssl-devel | 0.9.7-1 |
+ +--------------------+-----------------+
+ | openssl096 | 0.9.6h-1 |
+ +--------------------+-----------------+
+ | patch | 2.5.8-2 |
+ +--------------------+-----------------+
+ | pcre | 3.7-1 |
+ +--------------------+-----------------+
+ | perl | 5.6.1-2 |
+ +--------------------+-----------------+
+ | readline | 4.3-2 |
+ +--------------------+-----------------+
+ | sed | 4.0.5-1 |
+ +--------------------+-----------------+
+ | sh-utils | 2.0.15-3 |
+ +--------------------+-----------------+
+ | sharutils | 4.2.1-2 |
+ +--------------------+-----------------+
+ | sysvinit | 2.84-3 |
+ +--------------------+-----------------+
+ | tar | 1.13.25-1 |
+ +--------------------+-----------------+
+ | tcltk | 20021218-1 |
+ +--------------------+-----------------+
+ | termcap | 20020930-1 |
+ +--------------------+-----------------+
+ | terminfo | 5.2-3 |
+ +--------------------+-----------------+
+ | texinfo | 4.2-4 |
+ +--------------------+-----------------+
+ | textutils | 2.0.21-1 |
+ +--------------------+-----------------+
+ | tiff | 3.5.7-1 |
+ +--------------------+-----------------+
+ | time | 1.7-1 |
+ +--------------------+-----------------+
+ | unzip | 5.50-1 |
+ +--------------------+-----------------+
+ | vim | 6.1-2 |
+ +--------------------+-----------------+
+ | w32api | 2.1-1 |
+ +--------------------+-----------------+
+ | wget | 1.8.2-2 |
+ +--------------------+-----------------+
+ | which | 1.5-1 |
+ +--------------------+-----------------+
+ | xinetd | 2.3.9-1 |
+ +--------------------+-----------------+
+ | zip | 2.3-2 |
+ +--------------------+-----------------+
+ | zlib | 1.1.4-1 |
+ +--------------------+-----------------+
+
+#. Download
+
+ Download the FreeRADIUS source code from http://www.freeradius.org/
+
+#. Expand the FreeRADIUS source file.
+
+#. Make the following changes to the source code
+ (the diffs are reversed)
+
+ ::
+
+ src/main/Makefile.in
+
+ 145,148c145,148
+ < $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP)
+ radiusd.exe $(R)$(sbindir)
+ < $(INSTALL) -m 755 $(INSTALLSTRIP) radwho.exe
+ $(R)$(bindir)
+ < $(INSTALL) -m 755 $(INSTALLSTRIP) raduse.exe
+ $(R)$(bindir)
+ < $(INSTALL) -m 755 $(INSTALLSTRIP) radzap.exe
+ $(R)$(bindir)
+ ---
+ > $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP)
+ radiusd $(R)$(sbindir)
+ > $(INSTALL) -m 755 $(INSTALLSTRIP) radwho
+ $(R)$(bindir)
+ > $(INSTALL) -m 755 $(INSTALLSTRIP) raduse
+ $(R)$(bindir)
+ > $(INSTALL) -m 755 $(INSTALLSTRIP) radzap
+ $(R)$(bindir)
+ 150,151c150,151
+ < $(INSTALL) -m 755 radclient.exe $(R)$(bindir)
+ < $(INSTALL) -m 755 radrelay.exe $(R)$(bindir)
+ ---
+ > $(INSTALL) -m 755 radclient $(R)$(bindir)
+ > $(INSTALL) -m 755 radrelay $(R)$(bindir)
+
+ src/modules/rlm_dbm/Makefile.in
+
+ 22,23c22,23
+ < $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser.exe
+ $(R)$(bindir)
+ < $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat.exe
+ $(R)$(bindir)
+ ---
+ > $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser $(R)$(bindir)
+ > $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat $(R)$(bindir)
+
+ src/modules/rlm_mschap/Makefile
+
+ 20c20
+ < $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt.exe $(R)$(bindir)
+ ---
+ > $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt $(R)$(bindir)
+
+#. Run configure with the following command line
+
+ ::
+
+ ./configure -without-snmp -disable-shared -enable-static
+
+#. Execute make and then make install
+
+::
-1. Installing CygWin
-
-Install the latest version of CygWin (at time of writing 1.3.19-1) from
-the web download (http://www.cygwin.com).
-
-2. Install the following packages (make as minimum list)
-
-Package Version
-_update-info-dir 00126-1
-ash 20020731-1
-autoconf 2.54-1
-autoconf-devel 2.57-1
-autoconf-stable 2.13-4
-automake 1.7.1-1
-automake-devel 1.7.2-1
-automake-stable 1.4p5-5
-base-files 1.1-1
-base-passwd 1.0-1
-bash 2.05b-8
-bc 1.06-1
-binutils 20021117-1
-byacc 1.9-1
-bzip2 1.0.2-2
-crypt 1.0-1
-cygrunsrv 0.95-1
-cygutils 1.1.3-1
-cygwin 1.3.19-1
-cygwin-doc 1.3-2
-diff 1.0-1
-diffutils 2.8.1-1
-ed 0.2-1
-file 3.37-1
-fileutils 4.1-1
-findutils 4.1.7-4
-gawk 3.1.1-5
-gcc 3.2-3
-gcc-mingw 20020817-5
-gcc2 2.95.3-10
-gdb 20021218-1
-gdbm 1.8.0-4
-gettext 0.11.5-1
-grep 2.5-1
-groff 1.18.1-2
-gzip 1.3.3-4
-inetutils 1.3.2-20
-initscripts 0.9-1
-less 378-1
-libbz2_0 1.0.2-1
-libbz2_1 1.0.2-2
-libiconv2 1.8-2
-libintl 0.10.38-3
-libintl1 0.10.40-1
-libintl2 0.11.5-1
-libltdl3 20030103-1
-libncurses5 5.2-1
-libncurses6 5.2-8
-libpng10 1.0.14-2
-libpng12 1.2.4-2
-libpopt0 1.6.4-4
-libreadline4 4.1-2
-libreadline5 4.3-2
-libtool 20020202a-1
-libtool-devel 20021227-1
-libtool-stable 1.4.2-2
-libxml2 2.4.23-1
-login 1.7-1
-m4 1.4-1
-make 3.79.1-7
-man 1.5j-1
-mingw-runtime 2.3-1
-mktemp 1.4-1
-more 2.11o-1
-nasm 0.98.35-1
-ncurses 5.2-8
-newlib-man 20020801
-openssh 3.5p1-3
-openssl 0.9.7-1
-openssl-devel 0.9.7-1
-openssl096 0.9.6h-1
-patch 2.5.8-2
-pcre 3.7-1
-perl 5.6.1-2
-readline 4.3-2
-sed 4.0.5-1
-sh-utils 2.0.15-3
-sharutils 4.2.1-2
-sysvinit 2.84-3
-tar 1.13.25-1
-tcltk 20021218-1
-termcap 20020930-1
-terminfo 5.2-3
-texinfo 4.2-4
-textutils 2.0.21-1
-tiff 3.5.7-1
-time 1.7-1
-unzip 5.50-1
-vim 6.1-2
-w32api 2.1-1
-wget 1.8.2-2
-which 1.5-1
-xinetd 2.3.9-1
-zip 2.3-2
-zlib 1.1.4-1
-
-3. Download the FreeRADIUS source code form
-http://www.freeradius.org/.
-
-4. Expand the FreeRADIUS source file.
-
-5. Make the following changes to the source code
- (the diffs are reversed)
-
-src/main/Makefile.in
-
-145,148c145,148
-< $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP)
-radiusd.exe $(R)$(sbindir)
-< $(INSTALL) -m 755 $(INSTALLSTRIP) radwho.exe
-$(R)$(bindir)
-< $(INSTALL) -m 755 $(INSTALLSTRIP) raduse.exe
-$(R)$(bindir)
-< $(INSTALL) -m 755 $(INSTALLSTRIP) radzap.exe
-$(R)$(bindir)
----
-> $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP)
-radiusd $(R)$(sbindir)
-> $(INSTALL) -m 755 $(INSTALLSTRIP) radwho
-$(R)$(bindir)
-> $(INSTALL) -m 755 $(INSTALLSTRIP) raduse
-$(R)$(bindir)
-> $(INSTALL) -m 755 $(INSTALLSTRIP) radzap
-$(R)$(bindir)
-150,151c150,151
-< $(INSTALL) -m 755 radclient.exe $(R)$(bindir)
-< $(INSTALL) -m 755 radrelay.exe $(R)$(bindir)
----
-> $(INSTALL) -m 755 radclient $(R)$(bindir)
-> $(INSTALL) -m 755 radrelay $(R)$(bindir)
-
-src/modules/rlm_dbm/Makefile.in
-
-22,23c22,23
-< $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser.exe
-$(R)$(bindir)
-< $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat.exe
-$(R)$(bindir)
----
-> $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser $(R)$(bindir)
-> $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat $(R)$(bindir)
-
-src/modules/rlm_mschap/Makefile
-
-20c20
-< $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt.exe $(R)$(bindir)
----
-> $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt $(R)$(bindir)
-
-6. Run configure with the following command line
-
-./configure -without-snmp -disable-shared -enable-static
-
-7. Execute make and then make install
-
-
-Philip Blow
-Senior Technical Manager
-Simply Wireless
-philipb@simplywireless.com.au
+ Philip Blow
+ Senior Technical Manager
+ Simply Wireless
+ philipb@simplywireless.com.au