>
> On Thu, 6 Jan 2005, Dustin Doris wrote:
>
> > Why don't you make some default entries up front and allow fall-through?
> >
> > For example.
> >
> > DEFAULT  Huntgroup-Name == "x"
> >     Reply-Attribute = X
> >     Fall-Through = yes
> >
> > DEFAULT  Huntgroup-Name == "y"
> >     Reply-Attribute = y
> >     Fall-Through = yes
> >
> > USER  User-Password == "password"
> >
> > USER2 User-Password == "password2"
> >
> > Then the reply attributes are defined for each huntgroup, not for each
> > user.
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
>
> This seems like an excellent idea, and I was about to implement this when
> I came across the next issue. :)
>
> Each username for the Juniper authentication is sending
> "Juniper-Local-User-Name" attributes back.  Not all of the
> Juniper-Local-User-Name's are going to be the same.
>
> Example:
>
> USER1 Auth-Type = System
>          Juniper-Local-User-Name = UNRESTRICTED
>       Riverstone-User-Level = 15
>
> USER2 Auth-Type = System
>          Juniper-Local-User-Name = READ_ONLY
>       Riverstone-User-Level = 15
>
> So, with this said, if I used the DEFAULT for each huntgroup with
> fallthrough, I still end up with either two user entries for each vendor,
> or sending all attributes under the one username.
>
> Someone previously mentioned this isn't bad, but I just think it's "dirty".
> :)  Is this acceptable, or is there a better way?
>
> I'm thinking along the lines of an if statement logic...but I don't know how
> to set that up.
>
> If Huntgroup = Juniper
>       Then send only Juniper Attributes
>
> If Huntgroup = Riverstone
>       Then send only Riverstone Attributes
>
> Am I smoking the good stuff or is this doable?
>
>
> Thanks,
> James
>

Maybe you can do groups.  For example, set up an unlimited group
and a read_only group.  Then put the users into the appropriate group.

Have your users file say something like.

DEFAULT  Huntgroup-Name == Juniper, Group == "unlimited"
        Juniper-Local-User-Name = "UNLIMITED"

DEFAULT Huntgroup-Name == Juniper, Group == "read_only"
        Juniper-Local-User-Name = "READ_ONLY"
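
The group-based entries suggested above, run through a simplified Python model of users-file matching and compared with the "all attributes under one username" layout from the question. This is an added example, not part of the original post and not FreeRADIUS code. The Riverstone entry, user names and group memberships are constructed, and only reply-item selection is modelled, not authentication.

```python
# Simplified model of FreeRADIUS "users" file matching (added illustration).
# Entries are tried top to bottom; an entry applies when its name matches
# (or is DEFAULT) and every check item matches. Processing stops at the
# first applied entry unless that entry sets Fall-Through = yes.

# (name, check items, reply items, fall_through)
GROUPED = [
    ("DEFAULT", {"Huntgroup-Name": "Juniper", "Group": "unlimited"},
     {"Juniper-Local-User-Name": "UNLIMITED"}, False),
    ("DEFAULT", {"Huntgroup-Name": "Juniper", "Group": "read_only"},
     {"Juniper-Local-User-Name": "READ_ONLY"}, False),
    # Assumed Riverstone entry; the value comes from the example in the thread.
    ("DEFAULT", {"Huntgroup-Name": "Riverstone"},
     {"Riverstone-User-Level": "15"}, False),
]

# The layout the question calls "dirty": one entry per user, every vendor's
# attributes returned regardless of which NAS asked.
PER_USER = [
    ("user1", {}, {"Juniper-Local-User-Name": "UNRESTRICTED",
                   "Riverstone-User-Level": "15"}, False),
]

def check_matches(checks, huntgroup, groups):
    for attr, wanted in checks.items():
        if attr == "Huntgroup-Name":
            ok = wanted == huntgroup
        elif attr == "Group":
            ok = wanted in groups
        else:
            ok = False  # check item not modelled here: treat as no match
        if not ok:
            return False
    return True

def reply_for(user, huntgroup, groups, entries=GROUPED):
    reply = {}
    for name, checks, items, fall_through in entries:
        if name in ("DEFAULT", user) and check_matches(checks, huntgroup, groups):
            reply.update(items)
            if not fall_through:
                break
    return reply

def find_leaks(reply, huntgroup):
    """Reply attributes whose vendor prefix is not the requesting huntgroup."""
    return sorted(a for a in reply if not a.startswith(huntgroup + "-"))
```

A user who is in neither group gets no Juniper-Local-User-Name at all from the grouped entries, so a missing group assignment does not default to a privileged class.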


