Hello Alex, I have just gone through this exact scenario and University of Notre Dame, if you want to give me a call I can talk in detail what the solution was here at ND and it may be of help

 

Email me directly at mmay3@nd.edu and we can go over the solution in which I deployed.

 

Mike


From: freeradius-devel-bounces+mmay3=nd.edu@lists.freeradius.org [mailto:freeradius-devel-bounces+mmay3=nd.edu@lists.freeradius.org] On Behalf Of Alexandru Dincov
Sent: Monday, November 20, 2006 11:36 AM
To: freeradius-devel@lists.freeradius.org
Subject: huntgroups question

 

Hello,
We plan to use freeradius for authenticating remote access to more than 2000 network devices (CISCO, Nortel, etc.) and we want to do some access control based on huntgroups. Users and RADIUS profiles are stored in an LDAP backend. Following freeradius documentation, we have to define all 2000+ IP addresses in huntgroups configuration file, apparently there is no way to use IP ranges for defining huntgroups. But this solution (having one huntgroups configuration file with more than 2000 entries for each freeradius server) would be very difficult to maintain. Anyone knows if there are any limitations in huntgroups size? Are there other solutions to have huntgroups functionality (access control based on NAS-IP-Address or Client-IP-Address) using IP address ranges?
Thanks,

Alex