NAS-IP-address == "10.1.2.0/24" allowed?
Bjørn Mork
bjorn at mork.no
Tue Jan 24 09:30:10 CET 2006
"Min Qiu" <mqiu at globalinternetworking.com> writes:
> I would like to restrict user login by NAS-IP-address or
> fqdn if possible. Therefore I can restrict user to login
> a group of devices.
>
> user1 Auth-Type := Local, User-Password == "sceret",
> NAS-IP-address =="10.1.2.0/24"
Using a regexp is just as easy when you just need to restrict it on
the byte boundaries:

    user1 Auth-Type := Local, User-Password == "sceret", NAS-IP-address =~ "^10\.1\.2\."

Hmm, the manual says that the regex operators may only be applied to
string attributes. But I believe it works on IP addresses too,
doesn't it?

You might want to check out "huntgroups" in any case. See doc/README
and the sample raddb/huntgroups file.
Bjørn
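
The following is an added example, not part of the original post: it derives the anchored regex for an octet-aligned prefix and compares it, and three looser variants, against real CIDR membership. Python's `re` stands in for the server's regex engine (an assumption), and the helper names and NAS addresses are constructed for illustration.

```python
import ipaddress
import re


def prefix_to_regex(cidr: str) -> str:
    """Return an anchored regex equivalent to an octet-aligned IPv4 prefix."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8:
        raise ValueError(f"{cidr}: only /8, /16, /24 and /32 fall on byte boundaries")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    body = r"\.".join(octets)
    # A /32 is a whole address, so anchor the end. Otherwise require the next
    # dot, so that "10.1.2" cannot also match 10.1.20.x or 10.1.200.x.
    return f"^{body}$" if net.prefixlen == 32 else f"^{body}" + r"\."


def disagreements(pattern: str, cidr: str, addresses):
    """Addresses where the regex and true CIDR membership give different answers."""
    net = ipaddress.ip_network(cidr)
    rx = re.compile(pattern)
    return [a for a in addresses
            if bool(rx.search(a)) != (ipaddress.ip_address(a) in net)]


# Constructed NAS addresses: two inside 10.1.2.0/24, five near misses.
SAMPLE_NAS = ["10.1.2.1", "10.1.2.254", "10.1.20.7", "10.1.200.7",
              "10.112.5.5", "110.1.2.9", "10.1.3.1"]

# Regex variants to compare against the prefix from the thread.
VARIANTS = {
    "anchored, escaped, trailing dot": prefix_to_regex("10.1.2.0/24"),
    "no trailing dot": r"^10\.1\.2",
    "no ^ anchor": r"10\.1\.2\.",
    "dots not escaped": r"^10.1.2.",
}

if __name__ == "__main__":
    for label, pattern in VARIANTS.items():
        wrong = disagreements(pattern, "10.1.2.0/24", SAMPLE_NAS)
        print(f"{label:32} {pattern:16} wrongly admitted: {wrong}")
```

A prefix that does not end on a byte boundary, such as a /23, is rejected by `prefix_to_regex`; for those an explicit list of NAS addresses is the simpler route.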