Sorry, First posting contained no subject header. This is a repost. I want to be able to specify which Wireless Access Points certain users can gain access from. Is there an attribute that I can set so that a user can only be authenticated if the request comes from a predetermined NAS or group of NASs? thnx.
On Thu, 2007-11-08 at 07:40 -0500, Terry Pelley wrote:
Sorry, First posting contained no subject header. This is a repost.
I want to be able to specify which Wireless Access Points certain users can gain access from.
Is there an attribute that I can set so that a user can only be authenticated if the request comes from a predetermined NAS or group of NASs?
Not a specific attribute, but there are lots of variations on techniques that can do this. Most basic: 1. Put WAPs into huntgroups 2. In the users file, do: # let user1 in group1 user1 Huntgroup-Name == "group1" Fall-Through = No # user2 in group2 user2 Huntgroup-Name == "group2" Fall-Through = No # default deny DEFAULT Auth-Type := Reject Slightly more complex: 1. Put the WAPs into huntgroups 2. Put the users into groups (see rlm_passwd for file-based, or use SQL/LDAP) 3. In the "users" file: # users in ug1 can access WAPs in wapg1 DEFAULT Huntgroup-Name == "wapg1", {My,SQL,LDAP}-Group == "ug1" Fall-Through = No There are many more variations using SQL and LDAP.
participants (2)
-
Phil Mayers -
Terry Pelley