Accept authentication from a list of equipments

nicolaskarp at free.fr nicolaskarp at free.fr
Fri Jul 20 16:47:57 CEST 2007


Hello Everybody,


We have several pieces of network equipment with RADIUS authentication. We want to limit
the access to several administrators. We use a radius-proxy and a radius server
with an LDAP base.


For example :


We have two NAS : NAS1 and NAS2
Two groups of users USERS1 and USERS2 in the LDAP base. USERS1 can access
NAS1 and USER2 can access NAS2.


Proxy configuration :

** clients.conf **

NAS1 {
 hostname = NAS1
 secret =  NAS1_SECRET
}

NAS2 {
  hostname = NAS2
  secret = NAS2_SECRET
}

** proxy.conf **

realm null {
  type = radius
  authhost = radius_server
  accthost = radius_server
  secret = RADIUS_SECRET
}


Radius_configuration :

** HUNTGROUP **

cisco NAS-IP-ADDRESS = IP_PROXY

** USERS **

DEFAULT Huntgroup-Name == cisco, instance_openldap-Ldap-Group == ??? USERS1 or USER2 ???
# It's USERS1 for NAS1 and USER2 for NAS2, but the proxy rewrites the
# NAS_IP_Address with its address :( I can't differentiate the NAS_IP because it's
# the PROXY IP.


How can I differentiate these pieces of equipment? For information, my equipment
is Cisco equipment.


Thanks for your assistance !

Nicolas.
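
The situation described in this message, as an added illustration that is not part of the original post and is not FreeRADIUS code: a small Python model of the home server's decision once every request arrives with the proxy's address. The addresses, the user names, and the assumption that the proxy forwards NAS-Identifier unchanged are constructed for the example.

```python
# Added illustration, not FreeRADIUS code: toy model of the policy in the post.
# Addresses, user names and NAS-Identifier values are constructed sample data.
PROXY_IP = "192.0.2.10"  # constructed, stands in for IP_PROXY

# Policy from the post: USERS1 may log in to NAS1, USER2 to NAS2.
REQUIRED_GROUP = {"NAS1": "USERS1", "NAS2": "USER2"}
LDAP_GROUPS = {"alice": {"USERS1"}, "bob": {"USER2"}}  # constructed users

def nas_request(user, nas_name, nas_ip):
    """Access-Request attributes as the NAS sends them."""
    return {"User-Name": user, "NAS-IP-Address": nas_ip, "NAS-Identifier": nas_name}

def via_proxy(request):
    """Proxy behaviour described in the post: NAS-IP-Address becomes the proxy's.
    Assumption: other attributes (here NAS-Identifier) pass through unchanged."""
    forwarded = dict(request)
    forwarded["NAS-IP-Address"] = PROXY_IP
    return forwarded

def authorize(request, key_attr, key_to_nas):
    """Home-server decision: resolve the NAS from key_attr, then require its group."""
    nas = key_to_nas.get(request.get(key_attr))
    if nas is None:
        return "reject: unknown NAS"
    group = REQUIRED_GROUP[nas]
    member = group in LDAP_GROUPS.get(request["User-Name"], set())
    return "accept" if member else "reject: not in " + group

BY_NAS_IP = {"198.51.100.1": "NAS1", "198.51.100.2": "NAS2"}  # never matches via proxy
BY_PROXY_IP = {PROXY_IP: "NAS1"}   # one rule for the proxy address: too permissive
BY_NAS_ID = {"NAS1": "NAS1", "NAS2": "NAS2"}  # keyed on an attribute that survives

def demo():
    """Return (per-NAS IP rule, single proxy-IP rule, NAS-Identifier rule) per login."""
    logins = [("alice", "NAS1", "198.51.100.1"),
              ("alice", "NAS2", "198.51.100.2"),
              ("bob", "NAS2", "198.51.100.2")]
    results = {}
    for user, nas, ip in logins:
        fwd = via_proxy(nas_request(user, nas, ip))
        results[(user, nas)] = (authorize(fwd, "NAS-IP-Address", BY_NAS_IP),
                                authorize(fwd, "NAS-IP-Address", BY_PROXY_IP),
                                authorize(fwd, "NAS-Identifier", BY_NAS_ID))
    return results

if __name__ == "__main__":
    for login, outcome in demo().items():
        print(login, outcome)
```

The middle column is the case to watch for: a single rule keyed on the proxy address lets a USERS1 member in on NAS2 and locks a USER2 member out of it.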


