Multiple Huntgroups for one User? 2nd Try
Alexander Papenburg
freeradius at papenb.org
Mon Sep 17 16:25:56 CEST 2007
tnt at kalik.co.yu wrote:
> huntgroups file:
>
> pool3 NAS-IP-Address == "NAS1IPAddress"
> pool3 NAS-IP-Address == "NAS2IPAddress"
> pool3 NAS-IP-Address == "NAS3IPAddress"
>
> ____
>
> DEFAULT Huntgroup-Name == "pool3", User-Name == "user2", Auth-Type :=
> Reject
>
> in users file. Huntgroups *are* what you refer to as "hostpools".
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
You're right about the hostpools... %)
Maybe this will explain my question more exactly:
I have 4 groups of users:
Admins (which are allowed to access all hosts)
- okay quite easy, simply no huntgroup
FW-Admins (which are allowed to access only FW-IPs)
- easy too, huntgroup FW-IPs
RTR-Admins (which are allowed to access all CPE-IPs)
- difficult (big net) so I want to use REGEX wildcards, which
unfortunately cover the FW-IPs
Apprentice (which are allowed to access only TEST-IPs)
- again easy, huntgroup TEST-IPs
So what I want is something like this, in an example 10.0.0.0/16 net (with
approx. 400-500 devices in this range) ...
huntgroups:
FW-IPs NAS-IP-Address == "10.0.0.1"
FW-IPs NAS-IP-Address == "10.0.0.2"
FW-IPs NAS-IP-Address == "10.0.0.3"
CPE-IPs NAS-IP-Address =~ '10\.0\..*\..*'
TEST-IPs NAS-IP-Address == "10.0.255.1"
TEST-IPs NAS-IP-Address == "10.0.255.2"
TEST-IPs NAS-IP-Address == "10.0.255.3"
users:
anderson Huntgroup-Name == "CPE-IPs", Huntgroup-Name != "FW-IPs" (Is
this possible ?!?)
- for a user who should access all the 10.0.0.0/16 net except the FW IPs.
smith Huntgroup-Name == "TEST-IPs"
- a simple apprentice entry
and so on ...
Any ideas?
Alexander
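
An added model of the huntgroup layout from the message above (not part of the original post, and not FreeRADIUS code): it lists which groups each NAS address falls into and evaluates the "in CPE-IPs but not in FW-IPs" policy. Assumptions: a NAS may be a member of several groups at once, and `=~` is an unanchored regex search; `ANCHORED_CPE`, the function names and the sample addresses are constructed here.

```python
import re

# Huntgroup table copied from the message above: (group, operator, value).
HUNTGROUPS = [
    ("FW-IPs", "==", "10.0.0.1"),
    ("FW-IPs", "==", "10.0.0.2"),
    ("FW-IPs", "==", "10.0.0.3"),
    ("CPE-IPs", "=~", r"10\.0\..*\..*"),
    ("TEST-IPs", "==", "10.0.255.1"),
    ("TEST-IPs", "==", "10.0.255.2"),
    ("TEST-IPs", "==", "10.0.255.3"),
]

# Tightened CPE pattern (constructed here): anchored, digits only per octet.
ANCHORED_CPE = r"^10\.0\.\d{1,3}\.\d{1,3}$"


def groups_for(nas_ip, table=HUNTGROUPS):
    """Return every group with an entry matching nas_ip (regex is searched, not anchored)."""
    found = set()
    for name, op, value in table:
        if op == "==" and nas_ip == value:
            found.add(name)
        elif op == "=~" and re.search(value, nas_ip):
            found.add(name)
    return found


def allowed(required, excluded, nas_ip, table=HUNTGROUPS):
    """Model of the policy 'member of required and of none of the excluded groups'."""
    member = groups_for(nas_ip, table)
    return required in member and all(g not in member for g in excluded)


def with_anchored_cpe():
    """Same table with the CPE-IPs regex replaced by the anchored pattern."""
    return [(n, o, ANCHORED_CPE if n == "CPE-IPs" else v) for n, o, v in HUNTGROUPS]


if __name__ == "__main__":
    # Constructed sample NAS addresses, including one outside 10.0.0.0/16.
    for ip in ["10.0.0.1", "10.0.17.42", "10.0.255.2", "110.0.5.9"]:
        print(ip, sorted(groups_for(ip)),
              "RTR-Admin:", allowed("CPE-IPs", ["FW-IPs"], ip),
              "anchored:", allowed("CPE-IPs", ["FW-IPs"], ip, with_anchored_cpe()))
```

Under these assumptions the unanchored pattern also places 110.0.5.9 in CPE-IPs, which the anchored form rejects; the firewall addresses stay excluded only because of the explicit FW-IPs test.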