Summary
Authorization can become the most complex part of FreeRADIUS. By making good use of what unlang offers, we can overcome almost every imaginable problem.
In this chapter, we have covered:
- Applications of restrictions: Restrictions can be applied at the RADIUS server or at the NAS device.
- Unlang: Unlang is a powerful processing language that allows us to manipulate the way an incoming request is handled by FreeRADIUS. It features conditional checks that can control the flow of a request. It also allows for interaction with certain modules like the
sqlmodule to obtain results from an SQL database. Unlang enables us to manipulate and add AVPs that will be returned withAccess-Acceptpackets. The use of unlang should be mastered by anyone who wants to create flexible and versatile configurations in FreeRADIUS.
With this chapter on Authorization at an end, we have now completed the coverage of the AAA framework. The rest of this book will focus on more advanced topics of RADIUS, as well...
