Question setting up Virtual Servers with unique clients / users files.
Klaus Klein
k.klein at gmx.de
Fri Aug 31 20:35:23 CEST 2012
On 31.08.2012 19:22, Zach Simpson wrote:
> What I'm having issues with is creating user file rules for each group of
> devices. I have a few rules in the users file that look like this:
>
> DEFAULT Ldap-Group == "Switch Admins"
>         Reply-Message = "Welcome Switch Admin!"
>
> DEFAULT Ldap-Group == "Router Admins"
>         Reply-Message = "Welcome Router Admin!"
>
> But the issue is that if a user is a member of both groups, it stops at the
> first match.

Your problem, as well as the solution, is described at the top of the users file:

# A special user named "DEFAULT" matches on all usernames.
# You can have several DEFAULT entries. All entries are processed
# in the order they appear in this file. The first entry that
# matches the login-request will stop processing unless you use
# the Fall-Through variable.

You therefore should use the following:

DEFAULT Ldap-Group == "Switch Admins"
        Reply-Message = "Welcome Switch Admin!",
        Fall-Through = Yes

DEFAULT Ldap-Group == "Router Admins"
        Reply-Message = "Welcome Router Admin!",
        Fall-Through = Yes

Cheers,
Klaus
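
A simplified model of the matching behaviour discussed in this thread, as an added example that is not part of either post and is not FreeRADIUS code. It goes one step beyond the thread by also modelling the reply-item operators as documented in the users(5) manual page (`=` adds an attribute only if the reply does not already contain it, `+=` always appends). The function names `evaluate` and `build` and the user names are hypothetical.

```python
# Simplified model of users-file processing (added example, not FreeRADIUS code).
# An entry is (name, required Ldap-Group, reply items, fall_through); Fall-Through
# is modelled as a flag here rather than as a reply item.

def evaluate(entries, username, groups):
    """Return (indexes of matched entries, resulting reply list)."""
    matched, reply = [], []
    for idx, (name, group, items, fall_through) in enumerate(entries):
        if name not in ("DEFAULT", username) or group not in groups:
            continue
        matched.append(idx)
        for attr, op, value in items:
            present = any(a == attr for a, _ in reply)
            # "=" adds only if the attribute is not yet in the reply;
            # "+=" always appends to the reply list.
            if op == "+=" or (op == "=" and not present):
                reply.append((attr, value))
        if not fall_through:
            break  # first match ends processing
    return matched, reply


def build(op, fall_through):
    """The two DEFAULT entries from the thread, with a chosen operator and flag."""
    return [
        ("DEFAULT", "Switch Admins",
         [("Reply-Message", op, "Welcome Switch Admin!")], fall_through),
        ("DEFAULT", "Router Admins",
         [("Reply-Message", op, "Welcome Router Admin!")], fall_through),
    ]


if __name__ == "__main__":
    both = {"Switch Admins", "Router Admins"}  # constructed user in both groups
    for label, entries in [("no Fall-Through", build("=", False)),
                           ("Fall-Through with '='", build("=", True)),
                           ("Fall-Through with '+='", build("+=", True))]:
        print(label, evaluate(entries, "alice", both))
```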