

A.5 Support for Traditional Configuration Files.

Within the new configuration system, the traditional “trio” hints-huntgroups-users will be translated to the following program:

(defprog main
 (CALL hints)
 (CALL huntgroups)
 (COND "request_code() == Access-Request"
       (CALL users))
 (REPLY Access-Reject
        (Reply-Message . "\nAccess denied\n")))

For example, consider the following configuration:

# raddb/hints:
DEFAULT Prefix = "PPP" Hint = PPP

This will produce the following program:

(defprog hints
 (COND "%[Prefix] == \"PPP\""
       (ACTION "%[Hint] = \"PPP\"")))

#raddb/huntgroups
DEFAULT NAS-IP-Address = 10.10.4.1      Suffix = "staff"
DEFAULT NAS-IP-Address = 10.10.4.2      Huntgroup-Name = "second"

will produce

(defprog huntgroups
 (COND "%[NAS-IP-Address] == 10.10.4.1 && !(%[Suffix] == \"staff\")"
       (REPLY Access-Reject
              ("Reply-Message" . "Access Denied by Huntgroup")))
 (COND "%[NAS-IP-Address] == 10.10.4.2"
       (ACTION "%[Huntgroup-Name] = \"second\"")))

Finally, users:

#raddb/users
DEFAULT Hint = "PPP",
               Auth-Type = PAM
        Service-Type = Framed-User,
               Framed-Protocol = PPP

DEFAULT Huntgroup-Name = "second",
               Auth-Type = PAM
        Service-Type = "Authenticate-Only",
               Reply-Message = "Authentity Confirmed"

will produce

(defprog users
 (COND "%[Hint] == \"PPP\" && authorize(PAM)"
       (REPLY Access-Accept
             (Service-Type . Framed-User)
             (Framed-Protocol . PPP))
       (REPLY Access-Reject
             (Reply-Message . "Access Denied")))
 (COND "%[Huntgroup-Name] == \"second\" && authorize(PAM)"
       (REPLY Access-Accept
              (Service-Type . "Authenticate-Only")
              (Reply-Message . "Authentity Confirmed"))))
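
To check that a migrated configuration still denies by default, the translated programs above can be modelled and run against sample requests. The following Python sketch is an added illustration, not GNU Radius code and not part of the draft. It assumes that REPLY ends processing, that authorize(PAM) is a caller-supplied callback, that the request code is held under a hypothetical "Code" key, and that the Access-Reject nested in the first users COND is covered by the final reject in main.

```python
# Added illustration, not GNU Radius code: a Python model of the translated
# main/hints/huntgroups/users programs shown above.
# Assumptions: REPLY ends processing; authorize(PAM) is a caller-supplied callback.

class Reply(Exception):
    """A REPLY form: stops evaluation with a final code and reply pairs."""
    def __init__(self, code, pairs):
        super().__init__(code)
        self.code, self.pairs = code, pairs

def hints(req):
    if req.get("Prefix") == "PPP":
        req["Hint"] = "PPP"

def huntgroups(req):
    nas = req.get("NAS-IP-Address")
    if nas == "10.10.4.1" and req.get("Suffix") != "staff":
        raise Reply("Access-Reject", {"Reply-Message": "Access Denied by Huntgroup"})
    if nas == "10.10.4.2":
        req["Huntgroup-Name"] = "second"

def users(req, authorize):
    if req.get("Hint") == "PPP" and authorize("PAM", req):
        raise Reply("Access-Accept", {"Service-Type": "Framed-User",
                                      "Framed-Protocol": "PPP"})
    if req.get("Huntgroup-Name") == "second" and authorize("PAM", req):
        raise Reply("Access-Accept", {"Service-Type": "Authenticate-Only",
                                      "Reply-Message": "Authentity Confirmed"})

def main(request, authorize):
    req = dict(request)  # work on a copy; hints/huntgroups add attributes
    try:
        hints(req)
        huntgroups(req)
        if req.get("Code") == "Access-Request":  # "Code" key is hypothetical
            users(req, authorize)
        raise Reply("Access-Reject", {"Reply-Message": "\nAccess denied\n"})
    except Reply as r:
        return r.code, r.pairs

def demo():
    """Run constructed sample requests; the callback accepts any credentials."""
    allow = lambda auth_type, req: True
    base = {"Code": "Access-Request", "NAS-IP-Address": "10.10.4.1"}
    return [main({**base, "Prefix": "PPP", "Suffix": "staff"}, allow)[0],
            main({**base, "Prefix": "PPP"}, allow)[0],
            main({**base, "NAS-IP-Address": "10.10.4.2"}, allow)[0],
            main({**base, "Code": "Accounting-Request", "Prefix": "PPP",
                  "Suffix": "staff"}, allow)[0],
            main({**base, "NAS-IP-Address": "192.0.2.7"}, allow)[0]]
```

In this model the huntgroups restriction rejects a request before the authorization callback is ever invoked, and any request that no users rule accepts ends at the final Access-Reject in main.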