Huntgroups-Problem (bug or feature ?)
Lutz Petersen
lp at shlink.de
Wed Jun 22 11:07:07 CEST 2005
We have the following szenario, in which i got a problem:
We use huntgroups to allocate different types of dialins (isdn,
dsl, and so on). So we have a huntgroups File which looks similar
to this:
xDSL NAS-IP-Address == 1.1.1.1
xDSL NAS-IP-Address == 1.1.1.2
xDSL NAS-IP-Address == 1.1.1.3
Wireless-802.11 NAS-IP-Address == 1.1.2.1
Wireless-802.11 NAS-IP-Address == 1.1.2.2
Wireless-802.11 NAS-IP-Address == 1.1.2.3
and so on. Access is huntgroup based, and via Calling-Station-Id
or NAS-Port-Type attributes and so on.
Now, we tried to make special groups for admin access on different
servers. So we added some groups like
AdminA NAS-IP-Address == 1.1.1.1
AdminA NAS-IP-Address == 1.1.2.1
AdminB NAS-IP-Address == 1.1.1.3
AdminB NAS-IP-Address == 1.1.2.3
and so on. Reason was to get a radius based way which admin (group) will
be allowed to get access on which NAS (additional to other restrictions).
Now, it doesn't work. As I checked out, it doesn't work when an
ip address of a NAS was within the huntgroups file earlier for
another group. So my question: is it ok not to build different
huntgroups which contains in some cases servers with the same
ip address ? Or other questioned - why ? That would be a nice
feature. Ok, not an daily configuration scheme, but it would
help to do some access restriction things.
More information about the Freeradius-Users
mailing list