What will be the configuration then?
DEFAULT Huntgroup-Name==testldap, Ldap-Group == employee, Auth-Type := Pam Fall-Through = no
DEFAULT if (NAS-IP-Address >z.z.z.z && NAS-IP-Address< y.y.y.y) { Auth-Type:= Pam} else {
Auth-Type := Reject Reply-Message = "Please call the helpdesk." }
Does that make sense?
Not really. Sick to one thing - users file or unlang. I would recommend unlang. I already though about your advice to concetrate at unlang and to check in
sites-enabled/default --------------------- authorize { ldap if (Ldap-Group == "employee" && NAS-IP-Address == ^131\.(220)\.(1)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$) {ok} else if (Ldap-Group == "student" && NAS-IP-Address == ^131\.(220)\.(2)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$) {ok} else if (Huntgroup-Name == "testldap" && Ldap-Group == "student" ) {ok} else ............. else {reject} Is that right? Should Auth-Type:=Pam stay then in users? I read in another post from today "How to allow nas'es to serve only groups of clients?" that somebody tries to do almost the same with unlang and SQL-Groups what I'm trying to do with unlang and LDAP-Groups. It seems that unlang doesn't works with SQL-Groups so could it be that the same situation ist for LDAP-Groups too? I still have freeradius 1.1.7 and I would like to do urgent upgrade only if I can use unlang to check subnets and Ldap-Groups with it. If this is not possible, I would like to know. Is there maybe another way to check subnets? Can I user regex for example in huntgroups? Then I wouldn't need to use unlang and can stay some more time at my current version of freeradius. Greets Meyes
What you posted is a mixture of both but the essence is OK. Just use regex for checking subnets.