"Tom Whitehouse" <[EMAIL PROTECTED]> wrote:
> This all works, and I now need to check multiple Samba password
> files and depending on which one contains the users credentials
> return a VLAN tag to the switch.
...
> and tried using realms and Autz-Type in the authorize section and
> changing User-Name to Stripped-User-Name, but this doesn't work with
> EAP.
There should really be a page in the docs somewhere saying realms
are mainly for proxying...
In your case, my suggestion is the following:
- add 2 new "string" attributes to the dictionary, Something-Group &&
Something-User
- use regular expressions in the "hints" file to match the incoming
User-Name, and create Something-Group and Something-User. e.g.
DEFAULT User-Name =~ "(.*)x(.*)"
Something-Group = `%{1}`,
Something-User = `%{2}`
Keep the rlm_passwd config, but change the key from User-Name to
Something-User. Oh, and delete the "authtype = MS-CHAP" config. It
probably should be removed from the server entirely.
- in the "users" file, key off of Something-Group...
This all presumes that the users log in with realms, so *they* tell
the server which group they belong in.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
