24 Jan
2006
24 Jan
'06
3:30 a.m.
"Min Qiu" <mqiu@globalinternetworking.com> writes:
I would like to restrict user login by NAS-IP-address or fqdn if possible. Therefore I can restrict user to login a group of devices.
user1 Auth-Type := Local, User-Password == "sceret", NAS-IP-address =="10.1.2.0/24"
Using a regexp is just as easy when you just need to restrict it on the byte boundaries: user1 Auth-Type := Local, User-Password == "sceret", NAS-IP-address =~ "^10\.1\.2\." Hmm, the manual says that the regex operators may only be applied to string attributes. But I believe it works on IP addresses too, doesn't it? You might want to check out "huntgroups" in any case. See doc/README and the sample raddb/huntgroups file. Bjørn