If there is no group or attribute in AD to define the conditions then need to create conditions based on username
There are two attributes that can use
- User-Name attribute in RADIUS IETF dictionary; this is username as presented in original RADIUS request
- UserName attribute in System dictionary
For protocol like PAP this will be the same; however for protocols where for example the initial username is presented as anonymous then the UserName attribute will contain the actual user name after all the prococol negociation and session establishment
So in general is always best to use the attribute in the system dictionary
Can select this as a contion by pressing "Customize" and selecting "System:UserName" as the condition
There needs to be one rule per user; with large numbers does not scale as well as group or attribute based rules