[RADIATOR] Multiple Users in a Flat File

[Bjoern A. Zeeb]

On 16 Jan 2018, at 22:10, Johnson, Neil M wrote:

> I’m guessing this has been answered, but my Google skills are 
> failing me today.
>
> I need to return different RADIUS attributes to devices based on the 
> client identifier.
>
> I tried making the entries in the users file like this:
>
> #
> # rasauser is used by netinisight to log into controllers and Airwave 
> as a read only user
> #
> # AMP Servers
> lu_rasauser User-Password = “secret”, Client-Identifier = 
> AMP_Clients
>         Session-Timeout=0,Aruba-Admin-Role="Admin"
>
> # WLAN Controllers:
> lu_rasauser User-Password = “secret”, Client-Identifier = 
> Aruba_WLAN_CTRL_Clients
>         Session-Timeout=0,Aruba-Admin-Role="read-only"
>
> But it appears that it always only matches the first entry in the 
> file.

Not matches, but picks.  findUser() in AuthGeneric will call that 
function in AuthFILE and that will always only match the first user, 
take the check and reply attributes, create a new object and return it;  
if the check attributes don’t match you basically lost.


> Is there as way to to do this?

With text files, use multiple AuthBy FILE clauses with two (or how many 
duplicate user names with different check item you have) different files 
in your handler with a suitable policy, e.g. ContinueUntilAccept.

Something like this:

  <Handler>
      AuthByPolicy ContinueUntilAccept

      <AuthBy FILE>
           Filename AMP_Clients
      </AuthBy>

      <AuthBy FILE>
           Filename Aruba_WLAN_CTRL_Clients
      </AuthBy>
  </Handler>