Hello Alex, I have just gone through this
exact scenario and University of Notre Dame, if you want to give me a call I can
talk in detail what the solution was here at ND and it may be of help
Email me directly at mmay3@nd.edu and we can go over the solution in
which I deployed.
Mike
From:
freeradius-devel-bounces+mmay3=nd.edu@lists.freeradius.org [mailto:freeradius-devel-bounces+mmay3=nd.edu@lists.freeradius.org]
On Behalf Of Alexandru Dincov
Sent: Monday, November 20, 2006
11:36 AM
To:
freeradius-devel@lists.freeradius.org
Subject: huntgroups question
Hello,
We plan to use freeradius for authenticating remote access to more than 2000
network devices (CISCO, Nortel, etc.) and we want to do some access control
based on huntgroups. Users and RADIUS profiles are stored in an LDAP backend.
Following freeradius documentation, we have to define all 2000+ IP addresses in
huntgroups configuration file, apparently there is no way to use IP ranges for
defining huntgroups. But this solution (having one huntgroups configuration
file with more than 2000 entries for each freeradius server) would be very
difficult to maintain. Anyone knows if there are any limitations in huntgroups
size? Are there other solutions to have huntgroups functionality (access
control based on NAS-IP-Address or Client-IP-Address) using IP address ranges?
Thanks,
Alex