Question setting up Virtual Servers with unique clients / users files.

Zach Simpson zdsimpso at consistacom.com
Fri Aug 31 19:22:37 CEST 2012


Hi,

I'm relatively new to FreeRADIUS, and I'm working on moving the
administrative logins of our network devices (switches, routers, etc.) to it.


I was planning on using AD as my data source and creating groups (e.g.
Switches, Routers) so people could easily be assigned permissions for the
various devices.  I believe I have the AD/LDAP group retrieval parts
working.

What I'm having issues with is creating user file rules for each group of
devices.  I have a few rules in the users file that look like this:

DEFAULT Ldap-Group == "Switch Admins"
	Reply-Message = "Welcome Switch Admin!"
DEFAULT Ldap-Group == "Router Admins"
	Reply-Message = "Welcome Router Admin!"

But the issue is that if a user is a member of both groups, it stops at the
first match.

Is there a way to specify a specific "users" file for each entry in the
"Clients" file?  I'm thinking that to do this I will need to set up a virtual
server for each client group, but I'm not finding much in the way of sample
configurations that let me specify the "users" file as well.


Thanks,
Zach 
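
One way to lay out the per-client-group arrangement asked about above, shown as an added example that is not part of the original post and not taken from the FreeRADIUS project. It assumes FreeRADIUS 2.x syntax and an already working ldap module; the client addresses, secrets, instance names and file names are constructed placeholders.

```conf
# --- clients.conf: bind each device group to its own virtual server ---
# (addresses, secrets and section names are constructed placeholders)
client switches {
	ipaddr = 192.0.2.0
	netmask = 24
	secret = CHANGE-ME-switches
	virtual_server = switches
}
client routers {
	ipaddr = 198.51.100.0
	netmask = 24
	secret = CHANGE-ME-routers
	virtual_server = routers
}

# --- modules/files: one named instance of the files module per group ---
# FreeRADIUS 2.x calls this option "usersfile"; 3.x renamed it "filename".
files switch_users {
	usersfile = ${confdir}/users.switches
}
files router_users {
	usersfile = ${confdir}/users.routers
}

# --- sites-enabled/switches (the routers server mirrors it) ---
server switches {
	authorize {
		ldap            # look the user up so Ldap-Group can be compared
		switch_users    # only this device group's rules are consulted
	}
	authenticate {
		Auth-Type LDAP {
			ldap
		}
	}
}

# --- users.switches ---
DEFAULT Ldap-Group == "Switch Admins"
	Reply-Message = "Welcome Switch Admin!"

# Members of other groups (or of none) are refused by this virtual server.
DEFAULT Auth-Type := Reject
	Reply-Message = "Not authorized for switches"
```

Because each virtual server reads only its own users file, a user who belongs to both groups is matched against the rule for the device type being logged in to, and the closing reject rule keeps a valid LDAP password alone from granting access.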


