> On Thu, 6 Jan 2005, Dustin Doris wrote:
>
> > Why don't you make some default entries up front and allow fall-through?
> >
> > For example.
> >
> > DEFAULT Huntgroup-Name == "x"
> >         Reply-Attribute = X,
> >         Fall-Through = yes
> >
> > DEFAULT Huntgroup-Name == "y"
> >         Reply-Attribute = y,
> >         Fall-Through = yes
> >
> > USER    User-Password == "password"
> >
> > USER2   User-Password == "password2"
> >
> > Then the reply attributes are defined for each huntgroup, not for each
> > user.
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
> This seems like an excellent idea, and I was about to implement this when
> I came across the next issue. :)
>
> Each username for the Juniper authentication is sending
> "Juniper-Local-User-Name" attributes back. Not all of the
> Juniper-Local-User-Name's are going to be the same.
>
> Example:
>
> USER1 Auth-Type = System
>       Juniper-Local-User-Name = UNRESTRICTED,
>       Riverstone-User-Level = 15
>
> USER2 Auth-Type = System
>       Juniper-Local-User-Name = READ_ONLY,
>       Riverstone-User-Level = 15
>
> So, with this said, if I used the DEFAULT for each huntgroup with
> fallthrough, I still end up with either two user entries for each vendor,
> or sending all attributes under the one username.
>
> Someone previously mentioned this isn't bad, but I just think it's "dirty".
> :) Is this acceptable, or is there a better way?
>
> I'm thinking along the lines of an if statement logic...but I don't know how
> to set that up.
>
> If Huntgroup = Juniper
> Then send only Juniper Attributes
>
> If Huntgroup = Riverstone
> Then send only Riverstone Attributes
>
> Am I smoking the good stuff or is this doable?
>
>
> Thanks,
> James
>
Maybe you can do groups. For example, set up an unlimited group and a
read_only group. Then put the users into the appropriate group. Have your
users file say something like.

DEFAULT Huntgroup-Name == Juniper, Group == "unlimited"
        Juniper-Local-User-Name = "UNLIMITED"

DEFAULT Huntgroup-Name == Juniper, Group == "read_only"
        Juniper-Local-User-Name = "READ_ONLY"
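The group-based layout suggested above, as an added example (not code from the thread or from FreeRADIUS): a simplified Python model of users-file matching that shows each huntgroup receiving only its own vendor's attribute. The group memberships, the Riverstone DEFAULT entry and the `guest` user are assumptions made for illustration.

```python
# Simplified model (an assumption, not FreeRADIUS source) of how the "users"
# file is scanned: entries are tried top to bottom, DEFAULT matches any name,
# and the scan stops at the first match unless Fall-Through = yes.

GROUPS = {"user1": {"unlimited"}, "user2": {"read_only"}}  # constructed sample

# (entry name, check items, reply items, fall_through)
ENTRIES = [
    ("DEFAULT", {"Huntgroup-Name": "Juniper", "Group": "unlimited"},
     {"Juniper-Local-User-Name": "UNLIMITED"}, False),
    ("DEFAULT", {"Huntgroup-Name": "Juniper", "Group": "read_only"},
     {"Juniper-Local-User-Name": "READ_ONLY"}, False),
    # Hypothetical entry: no Group check, so any user on this huntgroup matches.
    ("DEFAULT", {"Huntgroup-Name": "Riverstone"},
     {"Riverstone-User-Level": "15"}, False),
]


def check_matches(user, request, checks):
    """True when every check item holds for this request."""
    for attr, wanted in checks.items():
        if attr == "Group":
            if wanted not in GROUPS.get(user, set()):
                return False
        elif request.get(attr) != wanted:
            return False
    return True


def reply_for(user, huntgroup, entries=ENTRIES):
    """Return the merged reply items, or None if no entry matched."""
    request = {"Huntgroup-Name": huntgroup}
    reply, matched = {}, False
    for name, checks, items, fall_through in entries:
        if name not in ("DEFAULT", user):
            continue
        if not check_matches(user, request, checks):
            continue
        matched = True
        for key, value in items.items():
            reply.setdefault(key, value)  # "=" reply operator: first value wins
        if not fall_through:
            break
    return reply if matched else None


if __name__ == "__main__":
    for user in ("user1", "user2", "guest"):
        for hg in ("Juniper", "Riverstone"):
            print(user, hg, reply_for(user, hg))
```

The `guest` rows show the difference a Group check makes: on Juniper no entry matches, while the Riverstone entry without a Group check hands level 15 to anyone who reaches it.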