groups in eap/tls authentication
Norbert Wegener
nw at sbs.de
Thu Jun 30 22:05:43 CEST 2005
My users authenticate via certificates and eap/tls.
Up to now they all get the same DEFAULTs for DNS servers and WINS
servers assigend.
Now there is demand, to assign some of them special servers.
I would like to do this, defining another DEFAULT entry combined with a
hint/check item or something else.
If they would use normal accounts, they would be able to append a suffix
to that account, so that a hint file comes into business.
As their login is extracted from the certificate, they have no chance to
do so.
I would like to do something like this, but as far as I understand, this
Group check-item will only work with Auth-Type=System:
my.login at example.com, Group="abc"
Fall-Through = Yes,
your.login at example.com, Group="123"
Fall-Through = Yes,
DEFAULT Group="abc"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Cisco-AVPair += "ip:dns-servers=1.2.3.4 5.6.7.8",
Fall-Through = No,
DEFAULT Group="123"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Cisco-AVPair += "ip:dns-servers=11.22.33.44 55.66.77.88",
Fall-Through = No
Is there a way to do this?
Thanks for an answer.
Norbert Wegener
More information about the Freeradius-Users
mailing list