I have a similar situation. I have several chillispot APs, and want users to only login to their 'home' AP, and not others. I'm using mysql backend to Freeradius. if I use NAS-IP-Address == <ap ip to restrict>, Auth-Type := Reject in the radcheck table it seems there is nothing that ties them together. I know it shouldn't be that hard to limit users to a certian AP, I'm still quite new to radius. Thanks for any suggestions! - marshall On 6/9/06, Chris Carver <ccarver@pennswoods.net> wrote:
Kartthik Raghunathan wrote:
Am using two linksys access points for my wireless client. In one of my access points i want to restrict the users connecting to it, ist possible to do this using huntgroup. If so can someone show some light or provide a sample config to do it.
thanks, Kartthik
Sure, but if you only have 2 its probably not necessary. You could just do this in the users file:
default NAS-IP-Address == <ap ip to restrict>, Auth-Type := Reject
Of course, you might not simply want to reject them. But you can match on the ip of the ap in the users file and do whatever you want. If you wanted to do it with huntgroups you'd have to add two entries in the huntgroups file:
restrictedAP NAS-IP-Address == <ip> otherAP NAS-IP-Address == <ip>
Then in users instead of matching on NAS IP you match on Huntgroup-Name ==
Chris Carver Network Engineer - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html