Tie up user to specific NAS
Alexander Clouter
alex at digriz.org.uk
Thu Nov 26 17:31:04 CET 2009
Deepak <d88pak at gmail.com> wrote:
>
> On Thu, Nov 26, 2009 at 3:11 AM, <tnt at kalik.net> wrote:
>
>> You will have to read NAS documentation in order to find out. On many
>> devices you can set NAS-Identifier to be whatever you want. On some
>> devices it can have only a certain default value.
>
> I searched for the previous discussion regarding this topic and found one on net
> http://lists.cistron.nl/pipermail/freeradius-users/2009-May/msg00466.html
>
> My implementation is same as discussed in previous list. Seems like
> there is no way to implement this at current situation (specially when
> using dyanmic-clients)
>
> Any suggestion is highly appreciated
>
Not used it but I would slap into the users file something like:
----
DEFAULT LDAP-Group == "%{NAS-Identifier}"
DEFAULT Auth-Type := Reject
----
As you are using SQL you will have to put all your group data in SQL but
that should do it. Of course if your NAS's do not give you something
useful and unique to key themselves off (something customisable), then
you are 'boned'.
With this approach then you can make users members of multiple groups
too obviously so they can log into more than one place.
Cheers
--
Alexander Clouter
.sigmonster says: When the candles are out all women are fair.
-- Plutarch
More information about the Freeradius-Users
mailing list