AW: howto - reply items depending on check items (different groups for different nas-ip-addresses)

it00x32 thomas.beer at dynabcs.at
Tue Apr 1 13:40:16 CEST 2008


Thx for your hint,

I changed my SQL table and the conf as you described. But somehow it still
doesn't check the NAS-IP-Address field in the usergroup table.

Any idea?


Ivan Kalik wrote:
> 
> So you want user1 to have access to devices 1, 2 and 3, user2 to 2, 3 and
> 4 etc.? This can be done with the database. You can extend the usergroup
> table to have NASIPAddress field as well and add AND NASIPAddress =
> '%{NAS-IP-Address}' to group_membership_query. In that way user-NAS
> pair will determine the group.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> On 31/3/2008, "Beer Thomas" <Thomas.Beer at dynabcs.at> wrote:
> 
>>But it's not possible to use the same nas-ip in different huntgroups (I
>>would need that to use a huntgroup like an access group for each user)?!
>>
>>Thx
>>regards
>>
>>-----Original Message-----
>>From: freeradius-users-bounces+thomas.beer=dynabcs.at at lists.freeradius.org
>>[mailto:freeradius-users-bounces+thomas.beer=dynabcs.at at lists.freeradius.org]
>>On behalf of Ivan Kalik
>>Sent: Monday, 31 March 2008 14:08
>>To: FreeRadius users mailing list
>>Subject: Re: howto - reply items depending on check items (different
>>groups for different nas-ip-addresses)
>>
>>Group devices in huntgroups and then use Huntgroup-Name, not individual
>>NAS-IP-Address.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>On 31/3/2008, "it00x32" <thomas.beer at dynabcs.at> wrote:
>>
>>>
>>>Hi,
>>>
>>>Here's my problem: I need to create some user - group member model to
>>>authenticate with Juniper Netscreen firewalls. Let's say I have 10 users and 10
>>>different customers with firewalls. Now I need to give user 1 access to
>>>customer 1, 2, 3, user 2 access to customer 5, 7, 8 and so on.
>>>
>>>My idea is to check that with the NAS-IP-Address as the check item and the
>>>NS-User-Group as reply item (authorisation is only granted if the reply
>>>NS-User-Group matches the one saved at the netscreen - this works - already
>>>tested!)
>>>
>>>so... somebody know how this can be done...?!
>>>I can't use multiple user entries in the users file as only the first is used
>>>.. e.g.
>>>
>>>User1 Password == "OVID", NAS-IP-Address == "198.204.32.45"
>>>      NS-User-Group = "access_gruppe_1"
>>>
>>>User1 Password = "OVID", NAS-IP-Address == "88.34.34.2"
>>>      NS-User-Group = "access_gruppe_2"
>>>
>>>
>>>thx for your help!
>>>
>>>regards
>>>tom
>>>
>>>
>>>
>>>
>>>
>>>--
>>>View this message in context:
>>>http://www.nabble.com/howto---reply-items-depending-on-check-items-%28diffentet-groups-for-different-nas-ip-addresses%29-tp16392701p16392701.html
>>>Sent from the FreeRadius - User mailing list archive at Nabble.com.
>>>
>>>
>>>-
>>>List info/subscribe/unsubscribe? See
>>>http://www.freeradius.org/list/users.html

-- 
View this message in context: http://www.nabble.com/howto---reply-items-depending-on-check-items-%28diffentet-groups-for-different-nas-ip-addresses%29-tp16392701p16418175.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
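
The table change and query filter Ivan Kalik describes in the quoted reply, as an added sketch that is not code from the thread or from FreeRADIUS. It runs against in-memory SQLite; bound parameters stand in for the '%{SQL-User-Name}' and '%{NAS-IP-Address}' expansions, and the column names, the radgroupreply layout, the customer_N group names and User2 are assumptions.

```python
import sqlite3

# Column names are assumptions; adapt them to your own schema.
SCHEMA = """
CREATE TABLE usergroup (        -- extended with NASIPAddress
    UserName TEXT NOT NULL, NASIPAddress TEXT NOT NULL, GroupName TEXT NOT NULL,
    UNIQUE (UserName, NASIPAddress)   -- one group per user-NAS pair
);
CREATE TABLE radgroupreply (    -- reply items per group
    GroupName TEXT NOT NULL, Attribute TEXT NOT NULL, Value TEXT NOT NULL
);
"""
# Constructed sample rows; IPs and NS-User-Group values come from the thread.
MEMBERS = [("User1", "198.204.32.45", "customer_1"),
           ("User1", "88.34.34.2", "customer_2"),
           ("User2", "88.34.34.2", "customer_2")]
REPLIES = [("customer_1", "NS-User-Group", "access_gruppe_1"),
           ("customer_2", "NS-User-Group", "access_gruppe_2")]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO usergroup VALUES (?, ?, ?)", MEMBERS)
    db.executemany("INSERT INTO radgroupreply VALUES (?, ?, ?)", REPLIES)
    return db

def groups_for(db, user, nas):
    """Membership lookup with the added NASIPAddress condition."""
    sql = ("SELECT GroupName FROM usergroup "
           "WHERE UserName = :user AND NASIPAddress = :nas")
    return [r[0] for r in db.execute(sql, {"user": user, "nas": nas})]

def reply_items(db, user, nas, filter_nas=True):
    """Reply items via a join on usergroup; without the NAS condition the
    join returns the reply items of every group the user belongs to."""
    sql = ("SELECT r.Attribute, r.Value FROM usergroup g "
           "JOIN radgroupreply r ON r.GroupName = g.GroupName "
           "WHERE g.UserName = :user")
    params = {"user": user}
    if filter_nas:
        sql += " AND g.NASIPAddress = :nas"
        params["nas"] = nas
    return db.execute(sql + " ORDER BY r.Value", params).fetchall()

if __name__ == "__main__":
    db = build_db()
    print(groups_for(db, "User1", "198.204.32.45"))
    print(reply_items(db, "User1", "88.34.34.2"))
    print(reply_items(db, "User1", "88.34.34.2", filter_nas=False))
```

A user-NAS pair with no row yields no group and no NS-User-Group reply, which on the Netscreen side described in the thread means no matching group.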




