I forgot to mention that I use MySQL to manage my users and NAS. In the table that records the users exists a field 'radnas_id' where I can tell the NAS that he is entitled to connect, but can not enable this restriction
I Believe you have to use Huntgroups to do that http://wiki.freeradius.org/SQL_Huntgroup_HOWTO On Tue, May 10, 2011 at 3:30 PM, Marcos TP <markinn@gmail.com> wrote:
I forgot to mention that I use MySQL to manage my users and NAS. In the table that records the users exists a field 'radnas_id' where I can tell the NAS that he is entitled to connect, but can not enable this restriction - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello, Huntgroups I know, but the functionality it provides me not for me. I need the user only has permission to access a NAS, as much as I could with Huntgroups was to restrict the access group, because several groups have access, containing their speed and can not do the search for access group, but by concentrator. I think the lock should be in the Login table, where I have a field to indicate which NAS that User has access. Making then the file sql.conf the restriction that user response to this condition. Someone followed my reasoned I Believe you have to use Huntgroups to do that
http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
On Tue, May 10, 2011 at 3:30 PM, Marcos TP <markinn@gmail.com> wrote:
I forgot to mention that I use MySQL to manage my users and NAS. In the table that records the users exists a field 'radnas_id' where I can tell the NAS that he is entitled to connect, but can not enable this restriction - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2011/5/10 Marcos TP <markinn@gmail.com>:
Hello, Huntgroups I know, but the functionality it provides me not for me. I need the user only has permission to access a NAS, as much as I could with Huntgroups was to restrict the access group, because several groups have access, containing their speed and can not do the search for access group, but by concentrator. I think the lock should be in the Login table, where I have a field to indicate which NAS that User has access. Making then the file sql.conf the restriction that user response to this condition.
Someone followed my reasoned
I Believe you have to use Huntgroups to do that
http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
On Tue, May 10, 2011 at 3:30 PM, Marcos TP <markinn@gmail.com> wrote:
I forgot to mention that I use MySQL to manage my users and NAS. In the table that records the users exists a field 'radnas_id' where I can tell the NAS that he is entitled to connect, but can not enable this restriction - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am not using mysql but I've found how to do it: http://lists.freeradius.org/pipermail/freeradius-users/2011-April/msg00245.h... HTH -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org
On Tue, May 10, 2011 at 01:59:44PM -0300, Marcos TP wrote:
Huntgroups I know, but the functionality it provides me not for me. I need the user only has permission to access a NAS, as much as I could with Huntgroups was to restrict the access group, because several groups have access, containing their speed and can not do the search for access group, but by concentrator.
Read the "unlang" documentation; then add some logic in the "authorize" section of your server config. You don't even need huntgroups if you're just authorizing a single NAS-IP-Address: if ("%{control:Permitted-NAS}" && "%{control:Permitted-NAS}" != NAS-IP-Address) { reject } However I'd suggest you use huntgroups for greater flexibility. if ("%{control:Permitted-Huntgroup}" && "%{control:Permitted-Huntgroup}" != Huntgroup-Name) { reject } Using this approach, you'd need to add a new attribute in your dictionary, such as "Permitted-NAS" and "Permitted-Huntgroup" in the examples above (I just picked these at random) Then in the radcheck table for the user, set the control attribute: Permitted-NAS := 1.2.3.4 That's one way to do it anyway.
I think the lock should be in the Login table, where I have a field to indicate which NAS that User has access.
Ah, well if you have a custom schema, then you need to show the schema. If you have a "users" table and you do a join to select the radcheck attributes, then you could just change the query you're using, limiting it to only matching the expected NAS-IP-Address or Huntgroup-Name: ... AND (permitted_nas = '%{NAS-IP-Address}' OR permitted_nas IS NULL) alternatively: ... AND (permitted_huntgroup = '%{Huntgroup-Name}' OR permitted_huntgroup IS NULL) Regards, Brian.
participants (4)
-
Brian Candler -
Marcos TP -
Sergio Belkin -
Tyller D