On 16 Jan 2018, at 22:10, Johnson, Neil M wrote:

> I’m guessing this has been answered, but my Google skills are failing me today.
>
> I need to return different RADIUS attributes to devices based on the client identifier.
>
> I tried making the entries in the users file like this:
>
> #
> # rasauser is used by netinisight to log into controllers and Airwave as a read only user
> #
> # AMP Servers
> lu_rasauser User-Password = "secret", Client-Identifier = AMP_Clients
>         Session-Timeout=0,Aruba-Admin-Role="Admin"
>
> # WLAN Controllers:
> lu_rasauser User-Password = "secret", Client-Identifier = Aruba_WLAN_CTRL_Clients
>         Session-Timeout=0,Aruba-Admin-Role="read-only"
>
> But it appears that it always only matches the first entry in the file.

Not matches, but picks. findUser() in AuthGeneric will call that function in AuthFILE and that will always only match the first user, take the check and reply attributes, create a new object and return it; if the check attributes don’t match, you have basically lost.


> Is there a way to do this?

With text files, use multiple AuthBy FILE clauses with two (or however many duplicate user names with different check items you have) different files in your handler with a suitable policy, e.g. ContinueUntilAccept.

Something like this:

 <Handler>
     AuthByPolicy ContinueUntilAccept

     <AuthBy FILE>
          Filename AMP_Clients
     </AuthBy>

     <AuthBy FILE>
          Filename Aruba_WLAN_CTRL_Clients
     </AuthBy>
 </Handler>

_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator
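
The lookup behaviour described in the reply above, as an added Python model that is not part of the original thread and is not Radiator code: it contrasts one users file holding both `lu_rasauser` entries with two files chained under ContinueUntilAccept. The function names, the request dictionary and the sample password are constructed for illustration, and the model assumes a failed check or a missing user simply yields a non-accept result.

```python
# Simplified model of the lookup described in the thread; not Radiator code.
# Assumption: Client-Identifier is carried in the request dict for brevity.
ACCEPT, REJECT = "ACCEPT", "REJECT"

def auth_file(entries, request):
    """One AuthBy FILE: pick the FIRST entry for the user name, then test its check items."""
    for name, checks, replies in entries:
        if name == request["User-Name"]:
            ok = all(request.get(k) == v for k, v in checks.items())
            # Entries with the same name further down the file are never examined.
            return (ACCEPT, replies) if ok else (REJECT, {})
    return REJECT, {}  # user not in this file (modelled as a non-accept)

def continue_until_accept(auth_bys, request):
    """Handler with AuthByPolicy ContinueUntilAccept: try each AuthBy until one accepts."""
    for entries in auth_bys:
        result, replies = auth_file(entries, request)
        if result == ACCEPT:
            return result, replies
    return REJECT, {}

# Constructed copies of the two entries quoted in the thread.
AMP = ("lu_rasauser",
       {"User-Password": "secret", "Client-Identifier": "AMP_Clients"},
       {"Session-Timeout": 0, "Aruba-Admin-Role": "Admin"})
WLAN = ("lu_rasauser",
        {"User-Password": "secret", "Client-Identifier": "Aruba_WLAN_CTRL_Clients"},
        {"Session-Timeout": 0, "Aruba-Admin-Role": "read-only"})

def request_from(client_identifier, password="secret"):
    """Build a constructed Access-Request as seen from one client group."""
    return {"User-Name": "lu_rasauser", "User-Password": password,
            "Client-Identifier": client_identifier}

def role(result):
    """Return the Aruba-Admin-Role reply attribute, or None on reject."""
    return result[1].get("Aruba-Admin-Role")

if __name__ == "__main__":
    single_file = [[AMP, WLAN]]     # both entries in one users file
    split_files = [[AMP], [WLAN]]   # one users file per client group
    for ident in ("AMP_Clients", "Aruba_WLAN_CTRL_Clients"):
        req = request_from(ident)
        print(ident, "single:", continue_until_accept(single_file, req)[0],
              "split:", role(continue_until_accept(split_files, req)))
```

With the split files, each client group only ever receives the role from its own file, and a request from a client outside both groups is rejected rather than falling through to a default role.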
