Hi,

I'm relatively new to FreeRADIUS, and I'm working on moving the
administrative logins of our network devices (switches, routers, etc.) to it.


I was planning on using AD as my data source and creating groups (e.g.
Switches, Routers) so people could easily be assigned permissions for the
various devices.  I believe I have the AD/LDAP group retrieval parts
working.

What I'm having issues with is creating user file rules for each group of
devices.  I have a few rules in the users file that look like this:

DEFAULT Ldap-Group == "Switch Admins"
        Reply-Message = "Welcome Switch Admin!"
DEFAULT Ldap-Group == "Router Admins"
        Reply-Message = "Welcome Router Admin!"

But the issue is that if a user is a member of both groups, it stops at the
first match.

Is there a way to specify a specific "users" file for each entry in the
"Clients" file?  I'm thinking that to do this I will need to set up a virtual
server for each client group, but I'm not finding much in the way of sample
configurations that let me specify the "users" file as well.


Thanks,
Zach 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
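
An added example, not part of the original post and not taken from the FreeRADIUS distribution: one way to keep a single users file while scoping each rule to a device class is to check Huntgroup-Name alongside Ldap-Group, so a member of both groups matches only the entry for the device being logged in to. The huntgroup names, the 192.0.2.x addresses and the reject message are constructed, and the example assumes the preprocess module is loading the huntgroups file.

```text
# --- huntgroups file (read by the preprocess module) ---
# Constructed addresses; one line per NAS, grouped by device class.
switches   NAS-IP-Address == 192.0.2.10
switches   NAS-IP-Address == 192.0.2.11
routers    NAS-IP-Address == 192.0.2.20

# --- users file ---
# Each entry requires BOTH the device class of the requesting NAS and the
# matching AD group, so stopping at the first match is the desired result.
DEFAULT Huntgroup-Name == "switches", Ldap-Group == "Switch Admins"
        Reply-Message = "Welcome Switch Admin!"

DEFAULT Huntgroup-Name == "routers", Ldap-Group == "Router Admins"
        Reply-Message = "Welcome Router Admin!"

# A request that reaches this entry comes from a device class for which the
# user holds no admin group: refuse it rather than fall back to a default.
DEFAULT Auth-Type := Reject
        Reply-Message = "Not authorized for this device"
```

With these entries a user in both groups gets the switch reply on a switch and the router reply on a router, and a Switch Admin who is not a Router Admin is rejected on routers.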