Is that possible that I keep my huntgroups for all clients with IP-Addresses and write a conditions only for network masks?
That would probably be the best. You might benefit from using sql huntgroup implementation (pull IP's from the database): http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
What will be the configuration then?
DEFAULT Huntgroup-Name==testldap, Ldap-Group == employee, Auth-Type := Pam Fall-Through = no
DEFAULT if (NAS-IP-Address >z.z.z.z && NAS-IP-Address< y.y.y.y) { Auth-Type:= Pam} else {
Auth-Type := Reject Reply-Message = "Please call the helpdesk." }
Does that make sense?
Not really. Sick to one thing - users file or unlang. I would recommend unlang. What you posted is a mixture of both but the essence is OK. Just use regex for checking subnets. Ivan Kalik Kalik Informatika ISP