My users authenticate via certificates and eap/tls.
Up to now they all get the same DEFAULTs for DNS servers and WINS
servers assigend.
Now there is demand, to assign some of them special servers.
I would like to do this, defining another DEFAULT entry combined with a
hint/check item or something else.
If they would use normal accounts, they would be able to append a suffix
to that account, so that a hint file comes into business.
As their login is extracted from the certificate, they have no chance to
do so.
I would like to do something like this, but as far as I understand, this
Group check-item will only work with Auth-Type=System:
[EMAIL PROTECTED], Group="abc"
Fall-Through = Yes,
[EMAIL PROTECTED], Group="123"
Fall-Through = Yes,
DEFAULT Group="abc"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Cisco-AVPair += "ip:dns-servers=1.2.3.4 5.6.7.8",
Fall-Through = No,
DEFAULT Group="123"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Cisco-AVPair += "ip:dns-servers=11.22.33.44 55.66.77.88",
Fall-Through = No
Is there a way to do this?
Thanks for an answer.
Norbert Wegener
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
