You can use huntgroups: nasA NAS-IP-Address == aaa.aaa.aaa.aaa User-Name = jane, User-Name = peter nasB NAS-IP-Address == bbb.bbb.bbb.bbb User-Name = john, User-Name = peter nasC NAS-IP-Address == ccc.ccc.ccc.ccc User-Name = john, User-Name = peter nasD NAS-IP-Address == ddd.ddd.ddd.ddd User-Name = george, User-Name = peter John can use B and C, Jane only A, George only D while Peter can use them all. If John tries to connect to A he will be rejected even if his credentials (user/pass) are correct. This also works with (SQL, Ldap) groups. This doesn't scale very well. It's a quick and easy solution for a small number of devices and users (groups). Ivan Kalik Kalik Informatika ISP Dana 12/7/2007, "Thiago Drechsel" <thiago.drechsel@gmail.com> piše:
Hi all.
I'm new with freeradius. I'd like some help to configure my Radius server, in order to acomplish the following task:
I have a radius server, called "R". This radius authenticates users wha want to access our lab equipments, called A, B, C, D and etc.
I want to restrict access to these equipments to some users, using radius. For example, user "john" only can access equipments B and C, but can't access equipments A and D.
Can anyone help me with this task?
Thanks in advance
Thiago