Accept authentication from a list of equipments

nicolaskarp at free.fr nicolaskarp at free.fr
Sat Jul 21 10:46:24 CEST 2007



Yes I know but how ? It's not a simple equipment, it's a network

192.168.0.0 / 24 : Users1
192.168.1.0 / 24 : Users2
10.0.0.0 / 8 : Users1
...... (and other networks : 1800 equipments)

If I make this with the huntgroup file, I will type:

#NAS1 Equipment (Ldap Group :  Dev-Equipment)
NAS1 NAS-IP-ADDRESS = 192.168.0.1
NAS1 NAS-IP-ADDRESS = 192.168.0.2
NAS1 NAS-IP-ADDRESS = 192.168.0.3
NAS1 NAS-IP-ADDRESS = 192.168.0.4
...
...
NAS1 NAS-IP-ADDRESS = 192.168.0.254

#NAS2 Equipment ( Ldap Group : Prod-Equipment)
NAS2 NAS-IP-ADDRESS = 192.168.1.1
NAS2 NAS-IP-ADDRESS = 192.168.1.2
...
...
NAS2 NAS-IP-ADDRESS = 192.168.1.254
etc..

I can't type :
NAS2 NAS-IP-ADDRESS = 192.168.1.0/24 ?


So how can I make the difference between the devices (==> authentication with
another LDAP group)?


Thanks

Nicolas.

tnt at kalik.co.yu wrote:
> Try Called-Station-Id.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 20/7/2007, "nicolaskarp at free.fr" <nicolaskarp at free.fr> wrote:
>
>> Hello Everybody,
>>
>>
>> We have several network equipments with radius authentication. We want to limit
>> the access to several administrators. We use a radius-proxy and a radius server
>> with a LDAP base.
>>
>>
>> For example :
>>
>>
>> We have two NAS : NAS1 and NAS2
>> Two groups of users USERS1 and USERS2 in the LDAP base. USERS1 can access
>> NAS1 and USER2 can access NAS2.
>>
>>
>> Proxy configuration :
>>
>> ** clients.conf **
>>
>> NAS1 {
>> hostname = NAS1
>> secret =  NAS1_SECRET
>> }
>>
>> NAS2 {
>>  hostname = NAS2
>>  secret = NAS2_SECRET
>> }
>>
>> ** proxy.conf **
>>
>> realm null {
>>  type = radius
>>  authhost = radius_server
>>  accthost = radius_server
>>  secret = RADIUS_SECRET
>> }
>>
>>
>> Radius_configuration :
>>
>> ** HUNTGROUP **
>>
>> cisco NAS-IP-ADDRESS = IP_PROXY
>>
>> ** USERS **
>>
>> DEFAULT Huntgroup-Name == cisco, instance_openldap-Ldap-Group == ??? USERS1 or USER2 ???
>> # It's USERS1 for NAS1 and USER2 for NAS2, but the proxy rewrites the
>> NAS_IP_Address by its address :( I can't differentiate the NAS_IP because it's
>> the PROXY IP.
>>
>>
>> How can I differentiate these equipments? For information, my equipments
>> are Cisco equipment.
>>
>>
>> Thanks for your assistance !
>>
>> Nicolas.
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>
>
>
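
An added example, not part of the original post: it generates the per-host huntgroup lines the post describes typing by hand from a CIDR list, and shows a longest-prefix lookup from a NAS address to its group. The huntgroup assigned to 10.0.0.0/8, the function names and the MAX_HOSTS ceiling are assumptions; the line format is copied from the post and has not been checked against FreeRADIUS syntax.

```python
import ipaddress

# Networks listed in the post. Mapping them to the NAS1/NAS2 huntgroup names
# (and 10.0.0.0/8 to NAS1 in particular) is an assumption for illustration.
NETWORKS = {
    "192.168.0.0/24": "NAS1",
    "192.168.1.0/24": "NAS2",
    "10.0.0.0/8": "NAS1",
}

MAX_HOSTS = 4096  # assumed ceiling: larger networks are not expanded per host


def huntgroup_for(nas_ip, networks=NETWORKS):
    """Return the group of the most specific network containing nas_ip, or None."""
    addr = ipaddress.ip_address(nas_ip)
    best = None
    for cidr, group in networks.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, group)
    return best[1] if best else None


def huntgroup_lines(networks=NETWORKS, max_hosts=MAX_HOSTS):
    """Expand each network into one line per host, in the post's format.

    Returns (lines, skipped): networks with more than max_hosts usable
    addresses are listed in skipped instead of being enumerated.
    """
    lines, skipped = [], []
    for cidr, group in networks.items():
        net = ipaddress.ip_network(cidr)
        if net.num_addresses - 2 > max_hosts:
            skipped.append(cidr)
            continue
        lines.extend(f"{group} NAS-IP-ADDRESS = {host}" for host in net.hosts())
    return lines, skipped


if __name__ == "__main__":
    lines, skipped = huntgroup_lines()
    print("\n".join(lines[:3]))
    print(f"... {len(lines)} lines in total; not expanded: {skipped}")
```

The 10.0.0.0/8 entry is skipped because it would expand to more than 16 million lines, which is why per-host enumeration stops being workable for the larger networks in the list.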



