I thought I'd try reposting this under a more descriptive title :)
Let's say that I have two completely different profiles, but they have the same User-Name.
(This is not a situation that I would have thought crops up very often, but I'm reading some Cisco SSG documentation and from what I can tell, you can have regular user profiles, but also user "quota" profiles which are accessed with the same User-Name but which returns different attributes in the Access-Accept)
Let's say you distinguish between the two different profiles in the Access-Request by the presence of one attribute, i.e. if a certain attribute is there, you want one profile; if the attribute isn't there, you want the other profile. Both profiles are returned via an Access-Accept.
How would one do this sort of thing in FreeRADIUS?
janedoeuser Auth-Type := Blah, Attribute-You-Want == Check Reply-Items = Go-Here, ...
janedoeuser Auth-Type := Blah Other-Reply-Items = Go-Here, ...
This is likely a stupid question, but....how would one do this with the sql module?
I took a look at the sql.conf file. From what I can tell, you can configure the SELECT statement that FreeRADIUS uses to obtain the check items for a particular user name, but there doesn't seem to be a distinction between different "profiles", like we have in the users file. There's just one big radcheck table that is queried for check items based on whatever User-Name you like.
Any thoughts?
Desmond
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
