Can't append attributes to the Access-Accept relayed from the proxy home-server to the clients
Difan Zhao
Difan.Zhao at pason.com
Tue Jun 2 22:08:02 CEST 2020
Works like a charm! Thank you very much Alan.
Thanks,
Difan
-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+difan.zhao=pason.com at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: June 1, 2020 5:29 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Can't append attributes to the Access-Accept relayed from the proxy home-server to the clients
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
On Jun 1, 2020, at 5:35 PM, Difan Zhao <Difan.Zhao at pason.com> wrote:
>
> Thanks Alan! It works!
Good to hear.
> Is there anyway to do this with the authorize file or even with the MariaDB? I have users that will have different level of access, and they access different devices. For example, some need to access the Cisco, but not the FortiGate. I was hoping to create groups in the MariaDB like Fortinet-RW, Cisco-RW, ...etc, each with required VSAs in the radgroupreply table. I know that I probably can go with conditions in your config but it would be very convenient if there is a more managed approach.
Put all of the rules into the post-auth section.
or, in the post-auth section, do:
files.authorize
Which runs the "authorize" method of the "files" module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list