Try Called-Station-Id. Ivan Kalik Kalik Informatika ISP Dana 20/7/2007, "nicolaskarp@free.fr" <nicolaskarp@free.fr> piše:
Hello Everybody,
We have several network equipments with radius athentication. We want to limit the access to several administrators. We use a radius-proxy and a radius server with a LDAP base.
For example :
We have two NAS : NAS1 and NAS2 Two groups of users USERS1 and USERS2 in the LDAP base. USERS1 can access to NAS1 and USER2 can access to NAS2.
Proxy configuration :
** clients.conf **
NAS1 { hostname = NAS1 secret = NAS1_SECRET }
NAS2 { hostname = NAS2 secret = NAS2_SECRET }
** proxy.conf **
realm null { type = radius authhost = radius_server accthost = radius_server secret = RADIUS_SECRET }
Radius_configuration :
** HUNTGROUP **
cisco NAS-IP-ADDRESS = IP_PROXY
** USERS **
DEFAULT Huntgroup-Name == cisco, instance_openldap-Ldap-Group == ??? USERS1 or USER2 ??? # It's USERS1 for NAS1 and USER2 for NAS2, but the proxy rewrite the NAS_IP_Address by its address :( I can't differenciate the NAS_IP because it's the PROXY IP.
How can I do differenciate these equipments ? For information, My equipments are Cisco equipment.
Thanks for your assistance !
Nicolas. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html