check the LDAP group (make a group that is relevant for device login)...then for your kit you want to protect, create eg soem client definition for it and use unlang eg client 127.0.0.1 { ... ... netdevice = yes .. } if (&client:netdevice = yes && LDAP-Group != networkmgmt) { On 9 May 2018 at 17:35, Mohiddin Shaik <kms31786@gmail.com> wrote:
Hello Everyone,
We have freeradius server with freeipa server backend for ldap authentication.
Currently we able to use and login freeipa ldap accounts using freeradius, each every user available on freeipa ldap is able to login in all devices where ever we configured freeradius. Some of the devices like network devices we want to restricted only specific users (group users) are allowed to login.
I a very new to this i tried but i am unable to figure out where should i mention/put restriction to check users group and allow to login.
Thanks, Mohiddin. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html