Can't append attributes to the Access-Accept relayed from the proxy home-server to the clients
Alan DeKok
aland at deployingradius.com
Tue Jun 2 01:28:30 CEST 2020
On Jun 1, 2020, at 5:35 PM, Difan Zhao <Difan.Zhao at pason.com> wrote:
>
> Thanks Alan! It works!
Good to hear.
> Is there anyway to do this with the authorize file or even with the MariaDB? I have users that will have different level of access, and they access different devices. For example, some need to access the Cisco, but not the FortiGate. I was hoping to create groups in the MariaDB like Fortinet-RW, Cisco-RW, ...etc, each with required VSAs in the radgroupreply table. I know that I probably can go with conditions in your config but it would be very convenient if there is a more managed approach.
Put all of the rules into the post-auth section.
or, in the post-auth section, do:
files.authorize
Which runs the "authorize" method of the "files" module.
Alan DeKok.
More information about the Freeradius-Users
mailing list