Multiple values for the same integer-attribute in one RADIUS reply???

2003-12-10 Thread stephan_seeger
Hello everybody,

Yesterday I ran into deep problems trying to configure freeradius 0.9.0
for so called authenticated switch access (asa) which is a feature of
alcatel (formerly xylan) lan switches enabling them to query a radius
server for user authentication.

My users file looks like:
...
user2   Auth-Type := Local, User-Password == testpw
        Alcatel-Access-Priv = Alcatel-Read-Priv,
        Alcatel-Access-Priv = Alcatel-Write-Priv,
        Alcatel-Access-Priv = Alcatel-Admin-Priv
...


My vendor specific dictionary file looks like:

...
ATTRIBUTE   Alcatel-Access-Priv   16   integer   Alcatel
VALUE       Alcatel-Access-Priv   Alcatel-Read-Priv    1
VALUE       Alcatel-Access-Priv   Alcatel-Write-Priv   2
VALUE       Alcatel-Access-Priv   Alcatel-Admin-Priv   3
...

My configuration seems to be working fine so far, because 'user2' is
authenticated by the radius server and can log in to the device. But now
the problem arises: I need the user to get assigned all of the three
privileges that I mentioned above concurrently and not alternatively. At
the moment my user only gets read, write or admin access - the actually
assigned privilege depends on the sequence of privileges for user2 in my
users-file (only the first privilege is assigned).

Maybe there's anybody out there who got an idea of how to solve this
problem and return all of the three integer values for the attribute
'Alcatel-Access-Priv' in one radius-reply.

Thanks in advance.

Stephan



List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Multiple values for the same integer-attribute in one RADIUS reply???

2003-12-10 Thread Chris Parker
At 05:02 PM 12/10/2003, [EMAIL PROTECTED] wrote:
> Hello everybody,
>
> Yesterday I ran into deep problems trying to configure freeradius 0.9.0
> for so called authenticated switch access (asa) which is a feature of
> alcatel (formerly xylan) lan switches enabling them to query a radius
> server for user authentication.
> My users file looks like:
> ...
> user2   Auth-Type := Local, User-Password == testpw
>         Alcatel-Access-Priv = Alcatel-Read-Priv,
>         Alcatel-Access-Priv = Alcatel-Write-Priv,
>         Alcatel-Access-Priv = Alcatel-Admin-Priv
> ...

See the docs, man users, the list archives from the last few days.

You need the += attribute to add multiple attributes of the same type
to a reply.
-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net
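
An added example, not part of either post and not FreeRADIUS code: a small Python model of the reply-item operators as documented in users(5), run over the reply items from the question and over the same items rewritten with +=. The names build_reply, ORIGINAL and FIXED are assumptions made for this illustration.

```python
import re

# Reply-item operators as described in the FreeRADIUS users(5) man page:
#   =   add the item only if the reply has no item of that attribute yet
#   :=  replace any existing items of that attribute
#   +=  always append the item
# This is a model of those rules, not the server's implementation.
ITEM = re.compile(r"^\s*([\w-]+)\s*(\+=|:=|=)\s*([^,\s]+)\s*,?\s*$")


def build_reply(reply_lines):
    """Apply users-file reply items in order; return [(attribute, value), ...]."""
    reply = []
    for line in reply_lines.strip().splitlines():
        m = ITEM.match(line)
        if not m:
            raise ValueError(f"unparsable reply item: {line!r}")
        attr, op, value = m.groups()
        present = any(a == attr for a, _ in reply)
        if op == "=" and present:
            continue  # dropped without error: only the first value survives
        if op == ":=":
            reply = [(a, v) for a, v in reply if a != attr]
        reply.append((attr, value))
    return reply


# Constructed inputs: the reply items from the question, then the same with +=
ORIGINAL = """
    Alcatel-Access-Priv = Alcatel-Read-Priv,
    Alcatel-Access-Priv = Alcatel-Write-Priv,
    Alcatel-Access-Priv = Alcatel-Admin-Priv
"""
FIXED = ORIGINAL.replace(" = ", " += ")

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, [value for _, value in build_reply(text)])
```

Reordering the lines in ORIGINAL changes which single privilege is returned, which matches the behaviour described in the question.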

