summaryrefslogtreecommitdiffstats
path: root/raddb/mods-config/preprocess
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 14:11:00 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 14:11:00 +0000
commitaf754e596a8dbb05ed8580c342e7fe02e08b28e0 (patch)
treeb2f334c2b55ede42081aa6710a72da784547d8ea /raddb/mods-config/preprocess
parentInitial commit. (diff)
downloadfreeradius-af754e596a8dbb05ed8580c342e7fe02e08b28e0.tar.xz
freeradius-af754e596a8dbb05ed8580c342e7fe02e08b28e0.zip
Adding upstream version 3.2.3+dfsg.upstream/3.2.3+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'raddb/mods-config/preprocess')
-rw-r--r--raddb/mods-config/preprocess/hints86
-rw-r--r--raddb/mods-config/preprocess/huntgroups43
2 files changed, 129 insertions, 0 deletions
diff --git a/raddb/mods-config/preprocess/hints b/raddb/mods-config/preprocess/hints
new file mode 100644
index 0000000..84d4d78
--- /dev/null
+++ b/raddb/mods-config/preprocess/hints
@@ -0,0 +1,86 @@
+#
+# hints
+#
+# The hints file. This file is used to match
+# a request, and then add attributes to it. This
+# process allows a user to login as "bob.ppp" (for example),
+# and receive a PPP connection, even if the NAS doesn't
+# ask for PPP. The "hints" file is used to match the
+# ".ppp" portion of the username, and to add a set of
+# "user requested PPP" attributes to the request.
+#
+# Matching can take place with the the Prefix and Suffix
+# attributes, just like in the "users" file.
+# These attributes operate ONLY on the username, though.
+#
+# Note that the attributes that are set for each entry are
+# NOT added to the reply attributes passed back to the NAS.
+# Instead they are added to the list of attributes in the
+# request that has been SENT by the NAS.
+#
+# This extra information can be used in the users file to
+# match on. Usually this is done in the DEFAULT entries,
+# of which there can be more than one.
+#
+# In addition a matching entry can transform a username
+# for authentication purposes if the "Strip-User-Name"
+# variable is set to Yes in an entry (default is Yes).
+#
+# A special non-protocol name-value pair called "Hint"
+# can be set to match on in the "users" file.
+#
+# As with the "users" file, the first entry that matches the
+# incoming request will cause the server to stop looking for
+# more hints. If the "Fall-Through" attribute is set to
+# "Yes" in an entry then the server will not stop, but
+# continue to process further hints from the file. Matches
+# on subsequent hints will be against the altered request
+# from the previous hints, not against the original request.
+#
+# The following is how most dial-up ISPs want to set this up.
+#
+# Version: $Id$
+#
+
+
+DEFAULT Suffix == ".ppp", Strip-User-Name = Yes
+ Hint = "PPP",
+ Service-Type = Framed-User,
+ Framed-Protocol = PPP
+
+DEFAULT Suffix == ".slip", Strip-User-Name = Yes
+ Hint = "SLIP",
+ Service-Type = Framed-User,
+ Framed-Protocol = SLIP
+
+DEFAULT Suffix == ".cslip", Strip-User-Name = Yes
+ Hint = "CSLIP",
+ Service-Type = Framed-User,
+ Framed-Protocol = SLIP,
+ Framed-Compression = Van-Jacobson-TCP-IP
+
+######################################################################
+#
+# These entries are old, and commented out by default.
+# They confuse too many people when "Peter" logs in, and the
+# server thinks that the user "eter" is asking for PPP.
+#
+#DEFAULT Prefix == "U", Strip-User-Name = No
+# Hint = "UUCP"
+
+#DEFAULT Prefix == "P", Strip-User-Name = Yes
+# Hint = "PPP",
+# Service-Type = Framed-User,
+# Framed-Protocol = PPP
+
+#DEFAULT Prefix == "S", Strip-User-Name = Yes
+# Hint = "SLIP",
+# Service-Type = Framed-User,
+# Framed-Protocol = SLIP
+
+#DEFAULT Prefix == "C", Strip-User-Name = Yes
+# Hint = "CSLIP",
+# Service-Type = Framed-User,
+# Framed-Protocol = SLIP,
+# Framed-Compression = Van-Jacobson-TCP-IP
+
diff --git a/raddb/mods-config/preprocess/huntgroups b/raddb/mods-config/preprocess/huntgroups
new file mode 100644
index 0000000..da28dba
--- /dev/null
+++ b/raddb/mods-config/preprocess/huntgroups
@@ -0,0 +1,43 @@
+#
+# huntgroups This file defines the `huntgroups' that you have. A
+# huntgroup is defined by specifying the IP address of
+# the NAS and possibly a port.
+#
+# Matching is done while RADIUS scans the user file; if it
+# includes the selection criteria "Huntgroup-Name == XXX"
+# the huntgroup is looked up in this file to see if it
+# matches. There can be multiple definitions of the same
+# huntgroup; the first one that matches will be used.
+#
+# This file can also be used to define restricted access
+# to certain huntgroups. The second and following lines
+# define the access restrictions (based on username and
+# UNIX usergroup) for the huntgroup.
+#
+
+#
+# Our POP in Alphen a/d Rijn has 3 terminal servers. Create a Huntgroup-Name
+# called Alphen that matches on all three terminal servers.
+#
+#alphen NAS-IP-Address == 192.0.2.5
+#alphen NAS-IP-Address == 192.0.2.6
+#alphen NAS-IP-Address == 192.0.2.7
+
+#
+# The POP in Delft consists of only one terminal server.
+#
+#delft NAS-IP-Address == 198.51.100.5
+
+#
+# Port 0 on the first terminal server in Alphen are connected to
+# a huntgroup that is for business users only. Note that only one
+# of the username or groupname has to match to get access (OR/OR).
+#
+# Note that this huntgroup is a subset of the "alphen" huntgroup.
+#
+#business NAS-IP-Address == 198.51.100.5, NAS-Port-Id == 0
+# User-Name == rogerl,
+# User-Name == henks,
+# Group == business,
+# Group == staff
+