Multiple Huntgroups for one User? 2nd Try
tnt at kalik.co.yu
tnt at kalik.co.yu
Mon Sep 17 17:56:07 CEST 2007
>RTR-Admins (which are allowed to access all CPE-IPs)
>- difficult (big net) so I want to use REGEX wildcards, which
>unfortunatly covers the FW-IPs
>
>
>huntgroups:
>
>FW-IPs NAS-IP-Address == "10.0.0.1"
>FW-IPs NAS-IP-Address == "10.0.0.2"
>FW-IPs NAS-IP-Address == "10.0.0.3"
>
>CPE-IPs NAS-IP-Address =~ '10\.0\..*\..*'
>
>TEST-IPs NAS-IP-Address == "10.0.255.1"
>TEST-IPs NAS-IP-Address == "10.0.255.2"
>TEST-IPs NAS-IP-Address == "10.0.255.3"
>
>
>users:
>
>anderson Huntgroup-Name == "CPE-IPs", Huntgroup-Name != "FW-IPs" (Is
>this possible ?!?)
>- for a user who should access all the 10.0.0.0/16 net except the FW IP's.
>
No. Do this:
anderson Huntgroup-Name == "FW-IPs", Auth-Type:=Reject (
it will cut down processing)
This is an example when you should set Auth-Type. CPE huntgroup includes
all others so can do away with it.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list