Remember that for EAP methods such as PEAP and TTLS, you cannot trust the outer username so policies should be defined in inner-tunnel (where username is known) with relevant copying to the outer reply alan On 31 Oct 2017 5:39 am, "Muenz, Michael" <m.muenz@spam-fetish.org> wrote:
Am 30.10.2017 um 13:33 schrieb Satish Patel:
In auth-post of deafult file right or inner-tunnel?
Hi,
post-auth section in default. You can do quite complex setup with this:
if (User-Name =~ /^m[0-9][0-9][0-9]_/) { update reply { Class := "groupX" } } elsif (User-Name =~ /^admin_/) { update reply { Class := "groupAdmins" } } elsif (User-Name =~ /^service_/) { update reply { Class := "groupService" } } else { update reply { Class := "groupDefault" } }
Michael
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list /users.html