On Jun 1, 2020, at 5:35 PM, Difan Zhao <Difan.Zhao@pason.com> wrote:
Thanks Alan! It works!
Good to hear.
Is there anyway to do this with the authorize file or even with the MariaDB? I have users that will have different level of access, and they access different devices. For example, some need to access the Cisco, but not the FortiGate. I was hoping to create groups in the MariaDB like Fortinet-RW, Cisco-RW, ...etc, each with required VSAs in the radgroupreply table. I know that I probably can go with conditions in your config but it would be very convenient if there is a more managed approach.
Put all of the rules into the post-auth section. or, in the post-auth section, do: files.authorize Which runs the "authorize" method of the "files" module. Alan DeKok.