Hi.

Finally I achieved it with the huntgroups. Adding a huntgroup with a nas and then adding this huntgroup to a specific user group.

Regards,

David

El 22 de marzo de 2012 14:05, Alan DeKok <aland@deployingradius.com> escribió:
David Seira wrote:
> I want to use the same freeradius server for authenticate several
> services like L2TP VPN, PPPoE server, captive portal, etc...

 Normally, you just create user accounts.  Everyone can log in from
everywhere.

> I would like to know what is the best way to achieve it. I don't know if
> it is best using several virtual servers, one per service, or through
> the called-station-id with the same virtual server. Is it possible to
> evaluate a request based on the NAS' called station id (regardless the
> user/pass)?

 Yes.

> In the above example, when the user1 try to login into the captive
> portal the freeradius should send an access-reject. Which is the best way?

 Use groups.  Put the users into groups, based on what they're allowed
to access.  Then, check the groups.  See the rlm_sql documentation for
how to do groups in SQL.

 Then, create logic saying "if NAS X and not group X, reject".

 The most important thing is getting the logic correct.  Write down
what you want to do.  Write down which fields of the RADIUS packet you
want to look at.  Worry about the syntax of the configuration files as
the *last* thing.

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html