sites-enabled/default --------------------- authorize { ldap
if (Ldap-Group == "employee" && NAS-IP-Address == ^131\.(220)\.(1)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$) {ok} else
if (Ldap-Group == "student" && NAS-IP-Address == ^131\.(220)\.(2)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$) {ok} else if (Huntgroup-Name == "testldap" && Ldap-Group == "student" ) {ok} else .............. else {reject}
Is that right?
No. But if you remove else and change if to elsif it will be.
Should Auth-Type:=Pam stay then in users?
Yes. Or you can put it in here instead of ok.
I read in another post from today "How to allow nas'es to serve only groups of clients?" that somebody tries to do almost the same with unlang and SQL-Groups what I'm trying to do with unlang and LDAP-Groups. It seems that unlang doesn't works with SQL-Groups so could it be that the same situation ist for LDAP-Groups too?
== should work. It seems that != doesn't work in unlang with those attributes. Ivan Kalik Kalik Informatika ISP