Hi
I have a seemingly simple thing I need to do, however it doesn’t seem to be working. In the users file I do a quick match to see if a user is in the regex list I put in (this is for overrides of an ldap group, determining higher privileges, but still basic access for the group users), and then another regex checking against a certain ip range :
DEFAULT User-Name =~ "frankdsa|everdstons|kirddksa|kefls", NAS-IP-Address=~"192.168.104.*"
Reply-Message += "Welcome %{User-Name}\n",
Reply-Message += "Admin access",
Cisco-AVPair := "shell:priv-lvl=15"
This adds a couple of reply messages when the user logs in. Of course the users file is pre-auth so it doesn’t care if the ultimate request gets rejected or not based on authorization or some other check. Therefore I’ve added this to the post-auth-type reject section of the default virtual server:
Post-Auth-Type REJECT {
update reply {
Reply-Message := "Authentication failed}"
}
It may be wiser to return nothing, i.e. Reply-Message := “” for security reasons, but the point is that the reply-messages set in the users file still pass through, so I get
Welcome (username)
Admin Access
Authentication Failed
All together. Am I doing something wrong? I also tried Reply-Message !* , but this stopped the service firing up ( version 2.10 – I see this was talked about being fixed in 2.8?), or
Reply-Message -= “%{reply:Reply-Message}”
Which didn’t work either.
Any ideas?
Thanks
Andy