AW: howto - reply items depending on check items (different groups for different nas-ip-addresses)

Ivan Kalik tnt at kalik.net
Mon Mar 31 16:00:48 CEST 2008


So you want user1 to have access to devices 1, 2 and 3, user2 to 2, 3 and
4 etc.? This can be done with the database. You can extend the usergroup
table to have a NASIPAddress field as well and add AND NASIPAddress =
'%{NAS-IP-Address}' to group_membership_query. That way the user-NAS
pair will determine the group.

Ivan Kalik
Kalik Informatika ISP


On 31/3/2008, "Beer Thomas" <Thomas.Beer at dynabcs.at> wrote:

>But it's not possible to use the same nas-ip in different huntgroups (I would need that to use a huntgroup like an access group for each user)?!
>
>Thx
>regards
>
>-----Original Message-----
>From: freeradius-users-bounces+thomas.beer=dynabcs.at at lists.freeradius.org [mailto:freeradius-users-bounces+thomas.beer=dynabcs.at at lists.freeradius.org] On Behalf Of Ivan Kalik
>Sent: Monday, 31 March 2008 14:08
>To: FreeRadius users mailing list
>Subject: Re: howto - reply items depending on check items (different groups for different nas-ip-addresses)
>
>Group devices in huntgroups and then use Huntgroup-Name, not individual
>NAS-IP-Address.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 31/3/2008, "it00x32" <thomas.beer at dynabcs.at> wrote:
>
>>
>>Hi,
>>
>>Here's my problem: I need to create some user - group member model to
>>authenticate with Juniper Netscreen firewalls. Let's say I've 10 users and 10
>>different customers with firewalls. Now I need to give user 1 access to
>>customer 1,2,3, user 2 access to customer 5,7,8 and so on.
>>
>>My idea is to check that with the NAS-IP-Address as the check item and the
>>NS-User-Group as reply item (authorisation is only granted if the reply
>>NS-User-Group matches the one saved at the Netscreen - this works - already
>>tested!)
>>
>>So... does somebody know how this can be done...?!
>>I can't use multiple user entries in the users file as only the first is used
>>.. e.g.
>>
>>User1 Password == "OVID", NAS-IP-Address == "198.204.32.45"
>>      NS-User-Group = "access_gruppe_1"
>>
>>User1 Password = "OVID", NAS-IP-Address == "88.34.34.2"
>>      NS-User-Group = "access_gruppe_2"
>>
>>
>>thx for your help!
>>
>>regards
>>tom
>>
>>
>>
>>
>>
>>--
>>View this message in context: http://www.nabble.com/howto---reply-items-depending-on-check-items-%28diffentet-groups-for-different-nas-ip-addresses%29-tp16392701p16392701.html
>>Sent from the FreeRadius - User mailing list archive at Nabble.com.
>>
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
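The user-NAS lookup suggested in the reply at the top of this message, as an added example that is not part of the original thread and not FreeRADIUS's own code. It assumes a simplified usergroup/radgroupreply layout, hypothetical group names (fw_customer_1, fw_customer_2) and an in-memory SQLite database standing in for the RADIUS SQL backend; the IP addresses and NS-User-Group values are the ones from the quoted question.

```python
import sqlite3

# Simplified stand-ins for the usergroup and radgroupreply tables (assumed layout).
SCHEMA = """
CREATE TABLE usergroup (UserName TEXT, GroupName TEXT, NASIPAddress TEXT);
CREATE TABLE radgroupreply (GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT);
"""

# Constructed sample data: User1 is mapped on two firewalls, User2 on one.
USERGROUP_ROWS = [
    ("User1", "fw_customer_1", "198.204.32.45"),
    ("User1", "fw_customer_2", "88.34.34.2"),
    ("User2", "fw_customer_2", "88.34.34.2"),
]
GROUPREPLY_ROWS = [
    ("fw_customer_1", "NS-User-Group", "=", "access_gruppe_1"),
    ("fw_customer_2", "NS-User-Group", "=", "access_gruppe_2"),
]

# group_membership_query with the extra condition from the reply. In sql.conf the
# values would be '%{SQL-User-Name}' and '%{NAS-IP-Address}'; here they are
# bound parameters standing in for the server's expansion.
GROUP_MEMBERSHIP_QUERY = (
    "SELECT GroupName FROM usergroup "
    "WHERE UserName = ? AND NASIPAddress = ?"
)
GROUP_REPLY_QUERY = (
    "SELECT Attribute, op, Value FROM radgroupreply WHERE GroupName = ?"
)

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO usergroup VALUES (?, ?, ?)", USERGROUP_ROWS)
    db.executemany("INSERT INTO radgroupreply VALUES (?, ?, ?, ?)", GROUPREPLY_ROWS)
    return db

def reply_items(db, user, nas_ip):
    """Return the reply items of the groups selected by the user-NAS pair."""
    items = []
    for (group,) in db.execute(GROUP_MEMBERSHIP_QUERY, (user, nas_ip)).fetchall():
        items += db.execute(GROUP_REPLY_QUERY, (group,)).fetchall()
    return items  # empty list: no row for this pair, so no NS-User-Group is sent

if __name__ == "__main__":
    db = build_db()
    print(reply_items(db, "User1", "198.204.32.45"))
    print(reply_items(db, "User1", "88.34.34.2"))
    print(reply_items(db, "User2", "198.204.32.45"))
```

A user-NAS pair without a row in usergroup selects no group, so no NS-User-Group is returned for it, which per the quoted question means the Netscreen grants no authorisation.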



