Huntgroups and Network of Clients

HRZ Konten hrzkonten at uni-bonn.de
Thu Mar 12 15:27:52 CET 2009


>> What will be
>> the configuration then?
>>
>> DEFAULT Huntgroup-Name==testldap, Ldap-Group == employee, Auth-Type := Pam
>>        Fall-Through = no
>>
>> DEFAULT if (NAS-IP-Address >z.z.z.z && NAS-IP-Address< y.y.y.y) {
>> Auth-Type:= Pam} else
>> {
>>
>>       Auth-Type := Reject
>>       Reply-Message = "Please call the helpdesk."
>> }
>>
>> Does that make sense?
>>
>>     
>
> Not really. Stick to one thing - users file or unlang. I would recommend
> unlang. 
I already thought about your advice to concentrate on unlang and to check in

sites-enabled/default
---------------------
authorize 
{
ldap

         if (Ldap-Group == "employee" && NAS-IP-Address == ^131\.(220)\.(1)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$) 
               {ok} else
         
         if (Ldap-Group == "student" && NAS-IP-Address == ^131\.(220)\.(2)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$) 
               {ok} else
         if (Huntgroup-Name == "testldap" && Ldap-Group == "student" ) 
               {ok} else
.............
           else {reject}


Is that right?

Should Auth-Type:=Pam stay then in users?
 

I read in another post from today "How to allow nas'es to serve only
groups of clients?" that somebody tries to do almost the same with
unlang and SQL-Groups what I'm trying to do with unlang and LDAP-Groups.
It seems that unlang doesn't work with SQL-Groups so could it be that
the same situation is for LDAP-Groups too?

I still have freeradius 1.1.7 and I would like to do an urgent upgrade only
if I can use unlang to check subnets and Ldap-Groups with it. If this is
not possible, I would like to know.
Is there maybe another way to check subnets? Can I use regex for
example in huntgroups? Then I wouldn't need to use unlang and can stay
some more time at my current version of freeradius.

Greets
Meyes
> What you posted is a mixture of both but the essence is OK. Just
> use regex for checking subnets.
>   
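
The group-plus-subnet decision discussed in this thread, modelled in Python as an added example that is not part of the original posts and is not FreeRADIUS configuration. It reuses the two regexes from the message, checks them address by address against the /24 networks they are meant to describe, and shows what an unanchored, unescaped pattern would also let through; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Last-octet pattern and anchored subnet regexes, copied from the message above.
OCTET = r"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
EMPLOYEE_NAS = re.compile(r"^131\.(220)\.(1)\." + OCTET + "$")
STUDENT_NAS = re.compile(r"^131\.(220)\.(2)\." + OCTET + "$")

# Constructed counter-example: no anchors, dots left unescaped.
LOOSE_EMPLOYEE = re.compile(r"131.220.1")


def authorize(group, nas_ip, huntgroup=None):
    """Return "ok" or "reject" following the if/else chain in the message."""
    if group == "employee" and EMPLOYEE_NAS.match(nas_ip):
        return "ok"
    if group == "student" and STUDENT_NAS.match(nas_ip):
        return "ok"
    if huntgroup == "testldap" and group == "student":
        return "ok"
    return "reject"


def regex_equals_subnet(pattern, cidr):
    """True if the regex accepts exactly the addresses of cidr.

    Every address in 131.220.0.0/22 (third octet 0 to 3) is tested, so
    neighbouring networks on both sides are covered as well.
    """
    net = ipaddress.ip_network(cidr)
    for ip in ipaddress.ip_network("131.220.0.0/22"):
        if bool(pattern.match(str(ip))) != (ip in net):
            return False
    return True


def loose_false_positives(candidates):
    """Addresses the loose pattern accepts but the anchored one rejects."""
    return [ip for ip in candidates
            if LOOSE_EMPLOYEE.search(ip) and not EMPLOYEE_NAS.match(ip)]


if __name__ == "__main__":
    sample = ["131.220.1.7", "131.220.10.7", "10.131.220.1", "131.220.2.7"]
    print(authorize("employee", "131.220.1.25"))
    print(regex_equals_subnet(EMPLOYEE_NAS, "131.220.1.0/24"))
    print(loose_false_positives(sample))
```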


