On 16 Jan 2018, at 22:10, Johnson, Neil M wrote:

I’m guessing this has been answered, but my Google skills are failing me today.


I need to return different RADIUS attributes to devices based on the client identifier.

I tried making the entries in the users file like this:

#
# rasauser is used by netinisight to log into controllers and Airwave as a read only user
#
# AMP Servers
lu_rasauser User-Password = “secret”, Client-Identifier = AMP_Clients
        Session-Timeout=0,Aruba-Admin-Role="Admin"

# WLAN Controllers:
lu_rasauser User-Password = “secret”, Client-Identifier = Aruba_WLAN_CTRL_Clients
        Session-Timeout=0,Aruba-Admin-Role="read-only"

But it appears that it always only matches the first entry in the file.

Not matches, but picks. findUser() in AuthGeneric will call that function in AuthFILE and that will always only match the first user, take the check and reply attributes, create a new object and return it; if the check attributes don’t match you basically lost.


Is there as way to to do this?

With text files, use multiple AuthBy FILE clauses with two (or how many duplicate user names with different check item you have) different files in your handler with a suitable policy, e.g. ContinueUntilAccept.

Something like this:

 <Handler>
     AuthByPolicy ContinueUntilAccept

     <AuthBy FILE>
          Filename AMP_Clients
     </AuthBy>

     <AuthBy FILE>
          Filename Aruba_WLAN_CTRL_Clients
     </AuthBy>
 </Handler>

_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to