Am using two linksys access points for my wireless client. In one of my access points i want to restrict the users connecting to it, ist possible to do this using huntgroup. If so can someone show some light or provide a sample config to do it. thanks, Kartthik -- _______________________________________________ Search for businesses by name, location, or phone number. -Lycos Yellow Pages http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp...
Kartthik Raghunathan wrote:
Am using two linksys access points for my wireless client. In one of my access points i want to restrict the users connecting to it, ist possible to do this using huntgroup. If so can someone show some light or provide a sample config to do it.
thanks, Kartthik
Sure, but if you only have 2 its probably not necessary. You could just do this in the users file: default NAS-IP-Address == <ap ip to restrict>, Auth-Type := Reject Of course, you might not simply want to reject them. But you can match on the ip of the ap in the users file and do whatever you want. If you wanted to do it with huntgroups you'd have to add two entries in the huntgroups file: restrictedAP NAS-IP-Address == <ip> otherAP NAS-IP-Address == <ip> Then in users instead of matching on NAS IP you match on Huntgroup-Name == Chris Carver Network Engineer
I have a similar situation. I have several chillispot APs, and want users to only login to their 'home' AP, and not others. I'm using mysql backend to Freeradius. if I use NAS-IP-Address == <ap ip to restrict>, Auth-Type := Reject in the radcheck table it seems there is nothing that ties them together. I know it shouldn't be that hard to limit users to a certian AP, I'm still quite new to radius. Thanks for any suggestions! - marshall On 6/9/06, Chris Carver <ccarver@pennswoods.net> wrote:
Kartthik Raghunathan wrote:
Am using two linksys access points for my wireless client. In one of my access points i want to restrict the users connecting to it, ist possible to do this using huntgroup. If so can someone show some light or provide a sample config to do it.
thanks, Kartthik
Sure, but if you only have 2 its probably not necessary. You could just do this in the users file:
default NAS-IP-Address == <ap ip to restrict>, Auth-Type := Reject
Of course, you might not simply want to reject them. But you can match on the ip of the ap in the users file and do whatever you want. If you wanted to do it with huntgroups you'd have to add two entries in the huntgroups file:
restrictedAP NAS-IP-Address == <ip> otherAP NAS-IP-Address == <ip>
Then in users instead of matching on NAS IP you match on Huntgroup-Name ==
Chris Carver Network Engineer - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"rabbtux rabbtux" <rabbtux@gmail.com> wrote:
I have a similar situation. I have several chillispot APs, and want users to only login to their 'home' AP, and not others. I'm using mysql backend to Freeradius.
Put the users into a group (see rlm_passwd), and then match on NAS IP, and if NOT in that group, reject. Alan DeKok.
Thanks Alan. I want some users to only use one AP, while other users can use that AP and other APs as well. I don't think the logic will work for my case. I understand how to create groups and assign logins to them in the various mysql database tables (usergroup,radcheck,etc), but when you say to 'match' on a parameter & do something as a result I'm a little lost. Do I put this kind of logic in one of the sections of the radiusd.conf file? Thanks - marshall On 6/10/06, Alan DeKok <aland@nitros9.org> wrote:
"rabbtux rabbtux" <rabbtux@gmail.com> wrote:
I have a similar situation. I have several chillispot APs, and want users to only login to their 'home' AP, and not others. I'm using mysql backend to Freeradius.
Put the users into a group (see rlm_passwd), and then match on NAS IP, and if NOT in that group, reject.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'd be happy to try it, however, I'm a nubie to freeradius, not mysql or php. I understand how to create groups and assign logins to them in the various mysql database tables (usergroup,radcheck,etc), but when you say to 'match' on a parameter & do something as a result I'm a little lost. Do I put this kind of logic in one of the sections of the radiusd.conf file? Thanks - marshall On 6/12/06, Alan DeKok <aland@nitros9.org> wrote:
"rabbtux rabbtux" <rabbtux@gmail.com> wrote:
I want some users to only use one AP, while other users can use that AP and other APs as well. I don't think the logic will work for my case.
Yes, it will. Try it.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"rabbtux rabbtux" <rabbtux@gmail.com> wrote:
I understand how to create groups and assign logins to them in the various mysql database tables (usergroup,radcheck,etc), but when you say to 'match' on a parameter & do something as a result I'm a little lost.
Read the rlm_sql documentation. See the examples.
Do I put this kind of logic in one of the sections of the radiusd.conf file?
No. There is no documentation or examples saying to do that. Alan DeKok.
participants (4)
-
Alan DeKok -
Chris Carver -
Kartthik Raghunathan -
rabbtux rabbtux