Huntgroups and Network of Clients

HRZ Konten hrzkonten at uni-bonn.de
Tue Mar 10 16:37:25 CET 2009


> In 2.1.3 you can use unlang and not need huntgroups at all. Read man
> unlang on freeradius site.
>   
Thank you for answer Ivan. I'm thinking about upgrading of 2.1.3 or
2.1.4 but I'm not really sure how to transform my huntgroups und users
configuration in unlang. I read the documentation but I have big
problems to understand it. Please I need a little bit help on this
Should it be something like that?


if (Ldap-Group == employee && NAS-IP-Address >x.x.x.x && NAS-IP-Address<
y.y.y.y) {
Auth-Type:= Pam} else
if (Ldap-Group == student && NAS-IP-Address >z.z.z.z && NAS-IP-Address<
y.y.y.y) {
Auth-Type:= Pam} else
....
if (NAS-IP-Address >z.z.z.z && NAS-IP-Address< y.y.y.y) {
Auth-Type:= Pam} else
{

       Auth-Type := Reject
}



Sorry but I'm not sure
1. whether the NAS-IP-Address ist the right variable to check  if a
client is in an Subnetwork
2. where should I put this if-condition: kann I put it in users instead
of Huntgroups? Or should stay in sites-available/default and what
section or in radiusd.conf?
3. I have about more than 100 different Clients, some with IP-Address
some with NetworkMask. It is really simple to put that ones with
IP-Addresses into the huntgroups file with different groups . But when I
implement a condition with unlang for every one of them, wouldn't that
be a killer for the performance when every query checks the script?

Is that possible that I keep my huntgroups for all clients with
IP-Addresses and write a conditions only for network masks? What will be
the configuration then?

DEFAULT Huntgroup-Name==testldap, Ldap-Group == employee, Auth-Type := Pam
        Fall-Through = no

DEFAULT if (NAS-IP-Address >z.z.z.z && NAS-IP-Address< y.y.y.y) {
Auth-Type:= Pam} else
{

       Auth-Type := Reject
       Reply-Message = "Please call the helpdesk."
}

Does that make sense?

Greets,
Meyes


> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   



More information about the Freeradius-Users mailing list