Attributes from DEFAULT user are always used although there's a more specific user
Alan DeKok
aland at deployingradius.com
Thu Dec 21 17:06:56 CET 2017
On Dec 21, 2017, at
>
>
> i try to use files and SQL for authentication. In my users file, i have a DEFAULT user and a specific user 'HSI/DEU.MYID.47110815' in SQL radcheck/radreply table. If my user is authenticated, Attributes from respective user *and* from DEFAULT user are replied to the nas although there is no explicit "Fall-Through = Yes" attribute. Is that an excpected behaviour ?
Yes. The "files" module and the "sql" module run completely independently.
Fall-Through is only applied inside of one module. e.g. for entries in the "users" file. It doesn't affect inter-module behaviour.
> How can i achieve that only attributes from specific user is replied and those from DEFAULT user are only replied, when there is no accurate user.
Have the DEFAULT entry in the "users" file set a special attribute, and then check for that.
> root at quagga:/opt/freeradius/etc/raddb# more users
> DEFAULT User-Name =~ "^HSI.*", Auth-Type := Accept
> Class = "Default"
That's good. And then wrap the call to the SQL module with a check for this situation:
...
if (reply:Class ~= "Default") {
sql
}
...
Alan DeKok.
More information about the Freeradius-Users
mailing list