- Authentication-Type:
The authentication type is
applied to a user just as it would be applied to a user belonging
to a realm. Check and reply items in the user entry will be appended
to any items used later in the authentication process.
- Comment:
This attribute does not perform
any server function. It allows you to provide any necessary explanation
for the entry.
- Deny-Message:
This attribute specifies a string that would be
returned as a Reply-Message value to the user in the Access-Reject
if any deny item for this user caused a rejection. You may configure
a denial message as follows:
Deny-Message = "You can't do that." NAS-Port != 3160
(under the Free tab in the Check Item list box)
You may also use an asterisk wildcard:
Deny-Message = "*" NAS-Port != 3160
This wildcard string sends the following message indicating
what deny item triggered the rejection:
Access denied, NAS-Port != 3160
IMPORTANT: The Deny-Message will only be returned if a deny
item (Attribute != Value) comparison fails. It will not be returned
if a check item fails.
- Expiration:
In date format, specifies
when an entry expires. After the date, the user will receive an
Access-Reject with the message, "Password has expired," in response
to all Access-Requests. The correct syntax is as follows:
Expiration = mth day year
mth is the first three letters of the month. day is the two-digit
date. year is the four-digit year. The following is an example of
an Expiration check item:
- Group-Name:
May be any string value.
Unlike other configuration-only attributes, Group-Name would initially
appear in a user entry as a reply item and would be used as a check
item in a policy definition by ProLDAP or a customized authentication
method.
- Password:
Specifies the value to compare
to the User-Password attribute value in the Access-Request or the
user's input in response to an Access-Challenge. The \ character
may not be used.
NOTE: The RADIUS protocol does not send clear text
passwords. Passwords are encrypted with the client and server's
shared secret according to RFC 2865.
To specify an encrypted password you must follow the syntax {Encrypt-type}Encryptd-password,
where Encrypt-type is
the method used to encrypt the password and Encryptd-password is
the encrypted password. Encrypt-type can be specified
as:
- Server-Name:
The additional parameter,
usually a DNS name or IP address, required to perform the specified
authentication type.
- User-Category:
May be any string value.
Unlike other configuration-only attributes, User-Category would
initially appear in a user entry as a reply item and would be used
as a check item in a policy definition by ProLDAP or a customized
authentication method.
- Xvalue:
This attribute provides a
means to pass an integer value to an action.
- Xstring:
This attribute provides a
means to pass a string value to an action.
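
The Deny-Message rules above (fixed string, "*" wildcard, and the deny-item versus check-item distinction) can be modelled in a few lines of Python. This is an added example, not the server's own code: the regex, the `parse_items` and `evaluate` functions, the Service-Type item and the sample requests are constructed, and it assumes a deny item `Attr != Value` fails when the request carries that value.

```python
import re

# Simplified model of the Deny-Message rules described on this page.
# Assumption: a deny item "Attr != Value" fails when the request carries
# Attr equal to Value; a check item "Attr = Value" fails when it differs.
ITEM_RE = re.compile(r'([\w-]+)\s*(!=|=)\s*("[^"]*"|\S+)')


def parse_items(line):
    """Split a check-item line into (attribute, operator, value) tuples."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM_RE.findall(line)]


def evaluate(line, request):
    """Return (decision, reply_message) for one entry's check items."""
    items = parse_items(line)
    deny_message = next((v for a, _, v in items if a == "Deny-Message"), None)
    for attr, op, value in items:
        if attr == "Deny-Message":
            continue  # configuration-only, never compared to the request
        sent = request.get(attr)
        matches = sent is not None and str(sent) == value
        if op == "!=" and matches:
            # Deny item triggered: the configured Deny-Message is returned.
            if deny_message == "*":
                return "Access-Reject", f"Access denied, {attr} != {value}"
            return "Access-Reject", deny_message
        if op == "=" and not matches:
            # Check item failed: rejected, but no Deny-Message is returned.
            return "Access-Reject", None
    return "Access-Accept", None


if __name__ == "__main__":
    # Constructed entries and requests, for illustration only.
    fixed = 'Deny-Message = "You can\'t do that." NAS-Port != 3160'
    wild = 'Deny-Message = "*" NAS-Port != 3160 Service-Type = Framed'
    print(evaluate(fixed, {"NAS-Port": 3160}))
    print(evaluate(wild, {"NAS-Port": 3160, "Service-Type": "Framed"}))
    print(evaluate(wild, {"NAS-Port": 7, "Service-Type": "Login"}))
    print(evaluate(wild, {"NAS-Port": 7, "Service-Type": "Framed"}))
```

The wildcard form tells the rejected user which deny item blocked the request, so a fixed string is the better choice where that policy detail should stay on the server.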