See "man unlang". Put the logic into raddb/sites-available/default,
the "authorize" section.
Uh... read the debug output, and look at the files in the "raddb"
directory. The directory has more than *one* file. This should be a
hint that the "users" file doesn't solve everything.
Alan DeKok.
Hi Alan, , thanks , I've read it but it's too complicated and I'm
missing more examples of configurations
If anybody help me with the syntax and code location with this issue:
If requests come from NAS-IP-Address==1.1.1.1 and the
%{mschap:NT-Domain}=vipdomainuser , check them against module
ntlm_auth_vip ( module is already working ) and if pass give them
Cisco-Avpair += "ipsec:addr-pool=vip_vpn_pool" and other optional
AVpairs.
If request comes from NAS-IP-Address==1.1.1.1 and the
%{mschap:NT-Domain}=guestdomainuser , check them against module
ntlm_auth_guests and if pass give them Cisco-Avpair +=
"ipsec:addr-pool=guest_vpn_pool" and other optional AVpairs.
Other point is that none can get the AV pair
"ipsec:addr-pool=vip_vpn_pool" if the %{mschap:NT-Domain} is not
vipdomainuser
Thank a lot for any hint
pet
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
