| `user.access_positive = no` | `locked out` | `ok` | `ok`
|===
-When a user is "locked out", the LDAP module will return `disallow` in (≥ v4.0.x) and `userlock` in (≤ v3.0.x).
+When a user is "locked out", the LDAP module will return `disallow` in (≥ v4.0.x) and `userlock` in (≤ v3.2.x).
=== Editing mods-available/ldap to only allow access if the 'Access Attribute' is present
For simple authentication types like `PAP` and `CHAP` the LDAP module
should be listed in the `recv Access-Request { ... }` (≥ v4.0.x)
-or `authorize { ... }` (≤ v3.0.x) section of the virtual server
+or `authorize { ... }` (≤ v3.2.x) section of the virtual server
listening on the network (usually found in `sites-available/default`).
For EAP authentication the LDAP module should be listed in
LDAP binds for simple authentication types like `PAP` the LDAP module should be
listed in the `recv Access-Request { ... }` and `authenticate ldap { ... }` (≥
-v4.0.x) or `authorize { ... }` and `authenticate { ... }` (≤ v3.0.x) sections of
+v4.0.x) or `authorize { ... }` and `authenticate { ... }` (≤ v3.2.x) sections of
the virtual server listening on the network (usually found in
`sites-available/default`).
The REST module allows a different REST API endpoint to be configured for each
type of section it can be called in.
-If called in `recv Access-Request` (≥ v4.0.x) or `authorize { ... }` (≤ v3.0.x)
+If called in `recv Access-Request` (≥ v4.0.x) or `authorize { ... }` (≤ v3.2.x)
the `rest.authorize` module section will be evaluated.
[source,config]
<1> The URL to authenticate against. Will be expanded (if required).
<2> The HTTP 'verb' to use.
-If called in `recv Accounting-Request` (≥ v4.0.x) or `accounting { ... }` (≤ v3.0.x)
+If called in `recv Accounting-Request` (≥ v4.0.x) or `accounting { ... }` (≤ v3.2.x)
the `rest.authorize` mould section will be evaluated.
[source,config]
don't come complaining if it breaks.)
Hopefully it is clear, *we recommend 99.9%+ of users use
-https://freeradius.org/releases/[FreeRADIUS 3.0.x]* and the
+https://freeradius.org/releases/[FreeRADIUS 3.2.x]* and the
https://packages.networkradius.com/[pre-built packages]
available from https://networkradius.com/[Network RADIUS].
[NOTE]
====
-In versions ≤ v3.0.x the `disallow` rcode was called `userlock`. `disallow` and
+In versions ≤ v3.2.x the `disallow` rcode was called `userlock`. `disallow` and
`userlock` have an identical meaning. `disallow` will be returned in any
-instance where `userlock` was returned in v3.0.x
+instance where `userlock` was returned in v3.0.x or v3.2.x
====
`raddb/sites-available/default` virtual server.
Now read the
-https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/doc/configuration/variables.rst[variables]
+https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/doc/configuration/variables.rst[variables]
documentation file to determine the meaning of the variables used in the `filename` configuration entry.
Once you are done, send the server an accounting packet (e.g.,
`bob-acct-stop.sh`), and go look for the detail file, which will be
[TIP]
====
For this tutorial you should start with an empty authorization section
-(`recv Access-Request { ... }` or in ≤ v3.0.x `authorize { ... }`)
+(`recv Access-Request { ... }` or in ≤ v3.2.x `authorize { ... }`)
in the virtual server you're using to process requests.
====
projects / thirdparty / freeradius-server.git / commitdiff
