[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
User profiles are per-user matching rules
(see section 3.3 Matching Rule). All incoming authentication requests are
compared with the user profiles after they have passed both
hints and huntgroups. radiusd
selects the user
profiles whose label matches the value of the User-Name
attribute from the incoming request.
The selected profiles form the list of authentication rules for the
request. In order for a profile to be selected, its label must either
coincide literally with the User-Name
value, or be one
of the special labels, DEFAULT
or BEGIN
.
Rules in an authentication list are ordered as follows: first go all
the profiles with the BEGIN
label, followed by the profiles whose
labels match the User-Name
literally, followed finally by the rules
labeled with the DEFAULT
. (1)
Within each of the three sublists, the rules preserve the order in
which they appear in the `raddb/users' file. Once the list is
constructed, it is scanned sequentially until the rule is found whose
LHS matches the incoming request. If no such rule is found, the
authentication fails. Otherwise, the contents of its RHS are
appended to the reply list being constructed. If the RHS of
the matched rule contains the attribute Fall-Through
with the
value Yes
, the matching continues. When the list is exhausted,
the authentication result is sent back to the NAS along with the
A/V pairs collected in the reply list.
User profiles are defined in the `raddb/users' file (see section 5.9 User Profiles -- `raddb/users').