Access provide to TWO Servers dependant on Group?
Ivan Kalik
tnt at kalik.net
Wed Jun 24 13:13:13 CEST 2009
> I have TWO Servers, with one running PoPtop+Radius plugin / freeradius
> 2.1.6 / SQL DaloRadius Setup
>
> Connection is INTERNET>PPP>FREERADIUS>LAN
>
> User X connects to Server A and authenticates against freedradius running
> on Server A and is provided with Access use mschap v2 authentication and
> this works fine..
>
> What I would like to do is setup Server B to authenticate against
> freeradius on Server A, but ONLY allow access to Server B if the
> connecting user belongs to a specific Group. If group is the correct
> approach?
>
> I'm looking at setting up TWO Groups.
>
> Default Group to allow access to Server A only, but if you belong to
> GROUPX, you will be allowed access to both Server A and Server B.
>
> How do I setup this access in SQL against a user and what Check / Reply
> attributes, if any do I need to use?
Add users to groups. Then use unlang to check group/NAS combination:
if(NAS-IP-Address == NAS2 && SQL-Group == "GROUPX") {
ok
}
else {
reject
}
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list