proposed-new-users

Adding new features usually requires adding yet another
file. We already have a slew of files in /etc/raddb; it should be
possible to fold them into one, at least from radiusd's point of
view: by using $INCLUDE statements it would still be possible for
the admin to keep different things (like huntgroups) in
a separate file.

Hints could be done with:

  user * {
        check:          Prefix = "U"
        transform:      Strip-User-Name = Yes
        check-add:      Hint = "PPP",
                        Service-Type = Framed-User,
                        Framed-Protocol = PPP
  }

Huntgroups with:

  user * {
        check:          NAS-IP-Address = 192.168.2.5
        check:          NAS-IP-Address = 192.168.2.6
        check:          NAS-IP-Address = 192.168.2.7
        auth:           Group = "staff"
        auth:           Group = "cistron"
        check-add:      Huntgroup = alphen
  }

Normal entry, but with CLID auth instead of passwd:

  username remoterouter {
        check:          Service-Type = Framed-User
        auth:           Calling-Station-Id = "55512345"
        reply:          Framed-IP-Address = 192.168.1.2,
                        Service-Type = Framed-User,
                        Framed-Protocol = PPP
        exec-program:   /usr/local/bin/loggedin
        fallthrough:    no
  }

Basically the keywords should be:

  check:        All items must match.
                Multiple check statements can be present, which
                will be ORed (entry applies when one matches).
                If the entry doesn't match, the next entry will be tried.
  auth:         If check matches, authentication will be done.
                If authentication fails we don't fall through, ever.
  reply:        Set the reply message to something.
  reply-add:    Add something to the existing reply-message.
  check-add:    Add something to the existing check pairs.
  fallthrough:  Fall through to the next entry (unless auth failed).
  transform:    Rules to change the username. Not quite sure how
                to do this yet.
  stage:        (auth|acct) to apply at authentication or accounting time.
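
The matching rules listed above, as a small Python model (an added
example, not radiusd code and not part of the proposal itself). It
shows the rule that matters most for security: a failed auth never
reaches a later, more permissive entry. Assumptions: entries are dicts,
multiple auth statements are ORed like check, check-add pairs are
visible to later entries, fallthrough is always stated explicitly, a
request is accepted only if some auth statement succeeded, and the
sample entries are constructed.

```python
# Added illustration of the proposed keyword semantics; not radiusd code.
# Assumed: dict-based entries, auth: ORed like check:, explicit fallthrough.

def all_match(wanted, request):
    """A single check:/auth: statement matches only if ALL its items match."""
    return all(request.get(k) == v for k, v in wanted.items())

def evaluate(entries, user, request):
    """Walk entries in file order; return ("accept", reply) or ("reject", {})."""
    request = dict(request)              # check-add must not touch the caller's copy
    reply, authenticated = {}, False
    for e in entries:
        if e["user"] not in ("*", user):
            continue
        checks = e.get("check", [])      # several check: statements are ORed
        if checks and not any(all_match(c, request) for c in checks):
            continue                     # no match: try the next entry
        auths = e.get("auth", [])
        if auths:
            if not any(all_match(a, request) for a in auths):
                return "reject", {}      # failed auth never falls through
            authenticated = True
        if "reply" in e:
            reply = dict(e["reply"])     # reply: replaces what was set so far
        reply.update(e.get("reply-add", {}))
        request.update(e.get("check-add", {}))   # seen by later entries (assumed)
        if not e.get("fallthrough", False):
            break
    # Assumed policy: never accept a request that no auth: statement approved.
    return ("accept", reply) if authenticated else ("reject", {})

# Constructed entries modelled on the huntgroup and CLID examples above.
ENTRIES = [
    {"user": "*", "fallthrough": True,
     "check": [{"NAS-IP-Address": "192.168.2.5"}, {"NAS-IP-Address": "192.168.2.6"}],
     "check-add": {"Huntgroup": "alphen"}},
    {"user": "remoterouter", "fallthrough": False,
     "check": [{"Service-Type": "Framed-User"}],
     "auth": [{"Calling-Station-Id": "55512345"}],
     "reply": {"Framed-IP-Address": "192.168.1.2", "Framed-Protocol": "PPP"}},
    {"user": "*", "fallthrough": False,          # catch-all for the huntgroup
     "check": [{"Huntgroup": "alphen"}],
     "auth": [{"Group": "staff"}],
     "reply": {"Service-Type": "Login-User"}},
]
```

With these entries, remoterouter calling from the wrong number is
rejected at the second entry even though the catch-all below it would
have accepted the same attributes for another user.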