huntgroup issue, multiple huntgroups per device

Charles Tompkins crt at thig.com
Wed Nov 15 19:02:28 CET 2006


Thanks Neal!  That works like a champ.

Funny note: The attribute I chose to discriminate with isn't present in the
accounting requests, so I had to give the vpn user huntgroup a 2nd entry and
attribute so accounting would work properly.

I appreciate the help.
Regards,
-Charles


-----Original Message-----
From: freeradius-users-bounces+crt=thig.com at lists.freeradius.org
[mailto:freeradius-users-bounces+crt=thig.com at lists.freeradius.org] On
Behalf Of Garber, Neal
Sent: Tuesday, November 14, 2006 3:51 PM
To: FreeRadius users mailing list
Subject: RE: huntgroup issue, multiple huntgroups per device

>Is it possible to have multiple huntgroups for the same NAS-IP-ADDRESS?
>I am running into this issue trying to configure a vpn appliance that uses
>the same freeRADIUS server to authenticate its users as well as its admins.

Yes, but something needs to distinguish the two (another attribute).
Are you saying that your appliance is using radius to authenticate VPN
users as well as to authenticate admins that are using telnet/ssh/http
to administratively manage the appliance?  If so, check the request
attributes for each type of access.  Then, you can add the attribute
that lets you tell what access type the user is requesting.

For instance, I have an AP that uses FR to authenticate 802.11 users as
well as for local logons to the AP itself.  In my case, the
NAS-Port-Type allows me to discern the difference between the two types
of access.  For 802.11 user access, the AP sends NAS-Port-Type =
"Wireless-802.11" and for local logon, the AP sends NAS-Port-Type =
"Async" or "Virtual".  Figure out what's different in the request and
then you can have multiple NAS-IP-Address == 10.20.30.1 entries with
different values in the other attribute.  For example:

vpn        NAS-IP-Address == 10.20.30.1, NAS-Port-Type == "XXX"
                Group = VPNUSERS

vpn-admin  NAS-IP-Address == 10.20.30.1, NAS-Port-Type == "YYY"
                User-Name = admin1,
                User-Name = admin2
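
Added example, not part of the original thread and not FreeRADIUS code: a small Python model of how the check items above are compared, showing why an accounting request that lacks the discriminating attribute falls out of the "vpn" huntgroup and how a second "vpn" entry brings it back without also matching admin logins. The Service-Type entry and all three sample requests are constructed assumptions; "XXX" and "YYY" are the placeholders from the post.

```python
import re

# Constructed huntgroups check lines. "XXX"/"YYY" are the placeholders from the
# post; the Service-Type entry is an assumed stand-in for the poster's 2nd entry.
BEFORE = '''
vpn        NAS-IP-Address == 10.20.30.1, NAS-Port-Type == "XXX"
vpn-admin  NAS-IP-Address == 10.20.30.1, NAS-Port-Type == "YYY"
'''
AFTER = BEFORE + '''
vpn        NAS-IP-Address == 10.20.30.1, Service-Type == "Framed-User"
'''

def parse_huntgroups(text):
    """Return [(name, {attr: value})] from check lines; indented lines are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        name, items = line.split(None, 1)
        checks = {}
        for item in items.split(","):
            attr, value = re.fullmatch(
                r'\s*([\w-]+)\s*==\s*"?([^"]*?)"?\s*', item).groups()
            checks[attr] = value
        entries.append((name, checks))
    return entries

def in_huntgroup(name, request, entries):
    """True if any entry called `name` has every check item equal in the request.
    An attribute that is missing from the request fails the == comparison."""
    return any(n == name and all(request.get(a) == v for a, v in checks.items())
               for n, checks in entries)

# Constructed requests from the same NAS (attribute sets are assumptions).
AUTH = {"NAS-IP-Address": "10.20.30.1", "NAS-Port-Type": "XXX",
        "Service-Type": "Framed-User"}
ACCT = {"NAS-IP-Address": "10.20.30.1", "Service-Type": "Framed-User",
        "Acct-Status-Type": "Start"}          # no NAS-Port-Type here
ADMIN = {"NAS-IP-Address": "10.20.30.1", "NAS-Port-Type": "YYY",
         "Service-Type": "Administrative-User"}

def report(text):
    """Which sample requests land in the 'vpn' huntgroup under this config."""
    entries = parse_huntgroups(text)
    return {label: in_huntgroup("vpn", req, entries)
            for label, req in (("auth", AUTH), ("acct", ACCT), ("admin", ADMIN))}

if __name__ == "__main__":
    print("before:", report(BEFORE))
    print("after: ", report(AFTER))
```

When picking the attribute for the second entry, confirm from a debug capture that it appears in accounting requests and that its value differs for admin logins, otherwise the new entry widens the huntgroup.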

