Multiple Huntgroups for one User? 2nd Try

tnt at kalik.co.yu tnt at kalik.co.yu
Mon Sep 17 17:56:07 CEST 2007


>RTR-Admins (which are allowed to access all CPE-IPs)
>- difficult (big net) so I want to use REGEX wildcards, which
>unfortunatly covers the FW-IPs
>

>
>huntgroups:
>
>FW-IPs   NAS-IP-Address == "10.0.0.1"
>FW-IPs   NAS-IP-Address == "10.0.0.2"
>FW-IPs   NAS-IP-Address == "10.0.0.3"
>
>CPE-IPs   NAS-IP-Address =~ '10\.0\..*\..*'
>
>TEST-IPs   NAS-IP-Address == "10.0.255.1"
>TEST-IPs   NAS-IP-Address == "10.0.255.2"
>TEST-IPs   NAS-IP-Address == "10.0.255.3"
>
>
>users:
>
>anderson Huntgroup-Name == "CPE-IPs", Huntgroup-Name != "FW-IPs" (Is
>this possible ?!?)
>- for a user who should access all the 10.0.0.0/16 net except the  FW IP's.
>
No. Do this:

anderson   Huntgroup-Name == "FW-IPs", Auth-Type:=Reject (
it will cut down processing)

This is an example when you should set Auth-Type. CPE huntgroup includes
all others so can do away with it.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list