Accept authentication from a list of equipments
tnt at kalik.co.yu
tnt at kalik.co.yu
Fri Jul 20 20:29:46 CEST 2007
Try Called-Station-Id.
Ivan Kalik
Kalik Informatika ISP
Dana 20/7/2007, "nicolaskarp at free.fr" <nicolaskarp at free.fr> piše:
>Hello Everybody,
>
>
>We have several network equipments with radius athentication. We want to limit
>the access to several administrators. We use a radius-proxy and a radius server
>with a LDAP base.
>
>
>For example :
>
>
>We have two NAS : NAS1 and NAS2
>Two groups of users USERS1 and USERS2 in the LDAP base. USERS1 can access to
>NAS1 and USER2 can access to NAS2.
>
>
>Proxy configuration :
>
>** clients.conf **
>
>NAS1 {
> hostname = NAS1
> secret = NAS1_SECRET
>}
>
>NAS2 {
> hostname = NAS2
> secret = NAS2_SECRET
>}
>
>** proxy.conf **
>
>realm null {
> type = radius
> authhost = radius_server
> accthost = radius_server
> secret = RADIUS_SECRET
>}
>
>
>Radius_configuration :
>
>** HUNTGROUP **
>
>cisco NAS-IP-ADDRESS = IP_PROXY
>
>** USERS **
>
>DEFAULT Huntgroup-Name == cisco, instance_openldap-Ldap-Group == ??? USERS1 or
>USER2 ???
># It's USERS1 for NAS1 and USER2 for NAS2, but the proxy rewrite the
>NAS_IP_Address by its address :( I can't differenciate the NAS_IP because it's
>the PROXY IP.
>
>
>How can I do differenciate these equipments ? For information, My equipments
>are Cisco equipment.
>
>
>Thanks for your assistance !
>
>Nicolas.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list