Restricting dialup users to certain client definitions only

tnt at kalik.net tnt at kalik.net
Tue Dec 23 11:13:02 CET 2008


>Only problem I see with this approach is that I have to assign every user to
>two groups now in radusersgroup table.
>
>Or.. Is there a better way?
>

Well, different. Don't know about better: use huntgroups.

onlythisgroup   Client-IP-Address == some address
                         SQL-Group == "thisgroup"

multigroup   Client-IP-Address == another address
                    SQL-Group == "groupone",
                    SQL-Group == "grouptwo"

If your client-group mappings are static it will work well.
Straightforward as long as you don't have to return anyhing as a reply
for rejected users. You will need to utilize Post-Auth-Type REJECT if
that is the case.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list