[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: RE: Restricting dialup users to certain client definitions only
From: <tnt () kalik ! net>
Date: 2008-12-23 10:13:02
Message-ID: HJtU6FMT.1230027182.6455640.tnt () kalik ! net
[Download RAW message or body]
>Only problem I see with this approach is that I have to assign every user to
>two groups now in radusersgroup table.
>
>Or.. Is there a better way?
>
Well, different. Don't know about better: use huntgroups.
onlythisgroup Client-IP-Address == some address
SQL-Group == "thisgroup"
multigroup Client-IP-Address == another address
SQL-Group == "groupone",
SQL-Group == "grouptwo"
If your client-group mappings are static it will work well.
Straightforward as long as you don't have to return anyhing as a reply
for rejected users. You will need to utilize Post-Auth-Type REJECT if
that is the case.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic