Huntgroups and Network of Clients

tnt at kalik.net tnt at kalik.net
Thu Mar 12 15:51:16 CET 2009


>
>sites-enabled/default
>---------------------
>authorize
>{
>ldap
>
>         if (Ldap-Group == "employee" && NAS-IP-Address == ^131\.(220)\.(1)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$)
>               {ok} else
>
>         if (Ldap-Group == "student" && NAS-IP-Address == ^131\.(220)\.(2)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$)
>               {ok} else
>         if (Huntgroup-Name == "testldap" && Ldap-Group == "student" )
>               {ok} else
>..............
>           else {reject}
>
>
>Is that right?

No. But if you remove else and change if to elsif it will be.

>
>Should Auth-Type:=Pam stay then in users?
>

Yes. Or you can put it in here instead of ok.

>
>I read in another post from today "How to allow nas'es to serve only
>groups of clients?" that somebody tries to do almost the same with
>unlang and SQL-Groups what I'm trying to do with unlang and LDAP-Groups.
>It seems that unlang doesn't works with SQL-Groups so could it be that
>the same situation ist for LDAP-Groups too?

== should work. It seems that != doesn't work in unlang with those
attributes.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list