Let's say that I have two completely different profiles, but they have the same User-Name.
(This is not a situation that I would have thought crops up very often, but I'm reading some Cisco SSG documentation and from what I can tell, you can have regular user profiles, but also user "quota" profiles which are accessed with the same User-Name but which returns different attributes in the Access-Accept)
Let's say you distinguish between the two different profiles in the Access-Request by the presence of one attribute, i.e. if a certain attribute is there, you want one profile; if the attribute isn't there, you want the other profile. Both profiles are returned via an Access-Accept.
How would one do this sort of thing in FreeRADIUS?
janedoeuser Auth-Type := Blah, Attribute-You-Want == Check Reply-Items = Go-Here, ...
janedoeuser Auth-Type := Blah Other-Reply-Items = Go-Here, ...
This sort of setup occured to me, but I was under the impression that if the first one failed (the check items didn't match) then it was game over. FreeRADIUS wouldn't look for any more users to match. I'll take a closer look at the user file man page. Thanks.
Desmond
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
