Assigning users into different VLANs
Herwin Weststrate
herwin at quarantainenet.nl
Thu Jul 10 13:29:09 CEST 2014
On 10-07-14 12:18, Martin Hrabovský wrote:
> That's it! I need to log in even if I don't know user name nor password.
>
> According to the documentation I should use DEFAULT.
> "A special user named "DEFAULT" matches on all usernames." - this is
> stated in "users" file.
>
> And why do I want to use "DEFAULT"? To move everyone who has no entry in users
> file (so in this case everyone except mhx) into VLAN 52.

Then you need some more logic in the authorize section. The user does
match (line 749 of Debug: [files] users: Matched entry DEFAULT at line
6), but then all the authentication types require a password before the
user can be authenticated (see lines 762-767).

You need a bit more logic in the inner-tunnel virtual server. Writing
from memory, change the first line of the user DEFAULT to:

    "DEFAULT" Auth-Type := Accept

A few more things you want to consider:

- Remove the "files" statement from authorize in sites-enabled/default,
  this may overwrite the reply with the VLAN attributes for the outer
  username.
- Put the DEFAULT user at the end of the file. Otherwise, the user mhx
  will also match DEFAULT and get the Auth-Type Accept.

--
Herwin Weststrate