huntgroups question
Kenneth Grady
klg at lanl.gov
Mon Nov 20 19:02:55 CET 2006
You can use the users file with:
DEFAULT NAS-IP-Address =~ "^123.123", ...
or
DEFAULT NAS-IP-Address !~ "^123.123", Auth-Type := Reject
Alexandru Dincov wrote:
>
> Hello,
> We plan to use freeradius for authenticating remote access to more
> than 2000 network devices (CISCO, Nortel, etc.) and we want to do some
> access control based on huntgroups. Users and RADIUS profiles are
> stored in an LDAP backend. Following freeradius documentation, we have
> to define all 2000+ IP addresses in huntgroups configuration file,
> apparently there is no way to use IP ranges for defining huntgroups.
> But this solution (having one huntgroups configuration file with more
> than 2000 entries for each freeradius server) would be very difficult
> to maintain. Anyone knows if there are any limitations in huntgroups
> size? Are there other solutions to have huntgroups functionality
> (access control based on NAS-IP-Address or Client-IP-Address) using IP
> address ranges?
> Thanks,
>
> Alex
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
More information about the Freeradius-Devel
mailing list