[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
(This message will disappear, once this node revised.)
Within the new configuration system, the traditional "trio" `hints-huntgroups-users' will be translated to the following program:
(defprog main (CALL hints) (CALL huntgroups) (COND "request_code() == Access-Request" (CALL users)) (REPLY Access-Reject (Reply-Message . "\nAccess denied\n"))) |
For example, consider the following configuration:
# raddb/hints: DEFAULT Prefix = "PPP" Hint = PPP |
This will produce the following program:
(defprog hints (COND "%[Prefix] == \"PPP\"") (ACTION "%[Hint] = \"PPP\"")) |
#raddb/huntgroups DEFAULT NAS-IP-Address = 10.10.4.1 Suffix = "staff" DEFAULT NAS-IP-Address = 10.10.4.2 Huntgroup-Name = "second" |
Will produce
(defprog huntgroups (COND "%[NAS-IP-Address] == 10.10.4.1 && !(%[Suffix] == \"staff\")" (REPLY Access-Reject ("Reply-Message" . "Access Denied by Huntgroup"))) (COND "%[NAS-IP-Address] == 10.10.4.2" (ACTION "%[Huntgroup-Name] = \"second\""))) |
Finally, `users':
#raddb/users DEFAULT Hint = "PPP", Auth-Type = PAM Service-Type = Framed-User, Framed-Protocol = PPP DEFAULT Huntgroup-Name = "second", Auth-Type = PAM Service-Type = "Authenticate-Only", Reply-Message = "Authentity Confirmed" |
will produce
(defprog users (COND "%[Hint] == "PPP" && authorize(PAM)" (REPLY Access-Accept (Service-Type . Framed-User) (Framed-Protocol . PPP)) (REPLY Access-Reject (Reply-Message . "Access Denied"))) (COND "%[Huntgroup-Name] == \"second\" && authorize(PAM)" (REPLY Access-Accept (Service-Type . "Authenticate-Only") (Reply-Message . "Authentity Confirmed")))) |