restricting access for users

Martial VdB mdbnoc at hotmail.com
Tue Jun 14 10:30:37 CEST 2005 

Thank you Dustin this works!!

I'll be making a detailled description on how it works now. Maybe it can be 
posted? if not just send me an email and I will send it to anyone who wants 
it.

Maybe I can contribute back this way

Thanks again!!!
Martial

>From: Dustin Doris <freeradius at mail.doris.cc>
>Reply-To: FreeRadius users mailing list 
><freeradius-users at lists.freeradius.org>
>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Subject: RE: restricting access for users
>Date: Mon, 13 Jun 2005 09:49:00 -0400 (EDT)
>
>
>
>Try this.
>
>huntgroups
> > diegem             NAS-IP-Address == 10.5.x.x
> > diegem             NAS-IP-Address == 10.5.x.x
> > diegem             NAS-IP-Address == 10.5.x.x
> > brussels            NAS-IP-Address == 10.2.x.x
>
>
>users file
>
>#note: there is no default auth-type = system here
>
>DEFAULT Group == NOC, Auth-Type := System
>	replyattrs = replyvalues
>
>bob	Huntgroup-Name == diegem, Auth-Type := System
>	replyattrs = replyvalues...
>
>somebrusselluser	Huntgroup-Name == brussells, Auth-Type := System
>	reply attrs
>
>DEFAULT	Auth-Type := Reject
>
>That means:
>
>If user is in group NOC, match here and authorize the user using system
>If user bob is coming from huntgroup diegam, match here and authorize user
>If user somebrusselluser is coming from huntgroup brussells, match
>If no matches on above, reject the user
>
>I suspect that your DEFAULT Auth-Type = system entry is at the top of your
>users file.  Then you have some matching rules.  You have a user that
>comes in but won't match any of your matching rules, so it will default to
>the auth-type = system entry that it matched at first and simply authorize
>the user with system.
>
>What I have above, specifies to use system when it matches each user entry
>or the group entry.  If there is no match, then it tells you to reject the
>user.
>
>
>
>
>-
>List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html

_________________________________________________________________
Free blogging with MSN Spaces  http://spaces.msn.com/?mkt=nl-be

More information about the Freeradius-Users mailing list