separating Users?
John Dennis
jdennis at redhat.com
Mon Nov 30 21:03:50 CET 2009
On 11/30/2009 02:54 PM, freeradius at corwyn.net wrote:
> There's a piece of RADIUS that I'm not understanding.
>
> If I have an entry in my ./users file
> DEFAULT Auth-Type:=Accept,Ldap-Group == "Group1"
> Service-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15"
>
> And another entry
> DEFAULT Auth-Type:=Accept,Ldap-Group == "Group2"
> Service-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15"
>
> where I'm trying to authorize users in Group1 for one set of switches,
> and users in Group2 for another set of switches, how does freeradius
> know which is which?
I assume you're asking how does FreeRADIUS know which switch the request
is associated with, correct? Typically this is done with huntgroups,
which add a huntgroup name to the request based on the IP address of
the NAS. You then perform different operations based on the huntgroup
name. See the huntgroups file for more documentation or the wiki howto
for how to implement huntgroups in SQL.
--
John Dennis <jdennis at redhat.com>
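
Added example, not part of the original message: a huntgroups file and matching users entries that tie each LDAP group to one set of switches, as the reply describes. The huntgroup names and NAS addresses are constructed placeholders, and the closing reject entry assumes no other users entries are meant to match.

```text
# --- huntgroups file (read by the preprocess module) ---
# Constructed sample: names and addresses below are hypothetical.
# A request whose NAS-IP-Address matches a line gets that Huntgroup-Name.
switches-a      NAS-IP-Address == 192.0.2.10
switches-a      NAS-IP-Address == 192.0.2.11
switches-b      NAS-IP-Address == 192.0.2.20

# --- users file ---
# preprocess must be listed before files in the authorize section,
# otherwise Huntgroup-Name is not yet set when these entries are checked.
# Auth-Type := Accept is kept from the question's entries.

# Group1 gets priv-lvl 15 only on the switches in switches-a.
DEFAULT Huntgroup-Name == "switches-a", Ldap-Group == "Group1", Auth-Type := Accept
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

# Group2 gets priv-lvl 15 only on the switches in switches-b.
DEFAULT Huntgroup-Name == "switches-b", Ldap-Group == "Group2", Auth-Type := Accept
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

# Assumption: nothing else should be granted access. A Group1 member
# connecting to a switches-b device falls through to this entry.
DEFAULT Auth-Type := Reject
```

Without the Huntgroup-Name check, each entry matches on group membership alone, so a member of either group would receive priv-lvl 15 on every switch that uses this server.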