[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    RE: Restricting dialup users to certain client definitions only
From:       <tnt () kalik ! net>
Date:       2008-12-23 10:13:02
Message-ID: HJtU6FMT.1230027182.6455640.tnt () kalik ! net
[Download RAW message or body]

>Only problem I see with this approach is that I have to assign every user to
>two groups now in radusersgroup table.
>
>Or.. Is there a better way?
>

Well, different. Don't know about better: use huntgroups.

onlythisgroup   Client-IP-Address == some address
                         SQL-Group == "thisgroup"

multigroup   Client-IP-Address == another address
                    SQL-Group == "groupone",
                    SQL-Group == "grouptwo"

If your client-group mappings are static it will work well.
Straightforward as long as you don't have to return anyhing as a reply
for rejected users. You will need to utilize Post-Auth-Type REJECT if
that is the case.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]