AW: howto - reply items depending on check items (different groups for different nas-ip-addresses)

Ivan Kalik tnt at kalik.net
Tue Apr 1 14:01:53 CEST 2008


radiusd -X from the request.

Ivan Kalik
Kalik Informatika ISP


On 1/4/2008, "it00x32" <thomas.beer at dynabcs.at> wrote:

>
>Thx for your hint,
>
>I changed my sql table and the conf as you described. But somehow it still
>doesn't check the NAS-IP-Address field in the usergroup table.
>
>Any idea?
>
>
>Ivan Kalik wrote:
>> 
>> So you want user1 to have access to devices 1, 2 and 3, user2 to 2, 3 and
>> 4 etc.? This can be done with the database. You can extend the usergroup
>> table to have NASIPAddress field as well and add AND NASIPAddress =
>> '%{NAS-IP-Address}' to group_membership_query. In that way user-NAS
>> pair will determine the group.
>> 
>> Ivan Kalik
>> Kalik Informatika ISP
>> 
>> 
>> On 31/3/2008, "Beer Thomas" <Thomas.Beer at dynabcs.at> wrote:
>> 
>>>But is it not possible to use the same nas-ip in different huntgroups (I
>>>would need that to use a huntgroup like an access group for each user)?!
>>>
>>>Thx
>>>regards
>>>
>>>-----Original Message-----
>>>From: freeradius-users-bounces+thomas.beer=dynabcs.at at lists.freeradius.org
>>>[mailto:freeradius-users-bounces+thomas.beer=dynabcs.at at lists.freeradius..org]
>>>On Behalf Of Ivan Kalik
>>>Sent: Monday, 31 March 2008 14:08
>>>To: FreeRadius users mailing list
>>>Subject: Re: howto - reply items depending on check items (different
>>>groups for different nas-ip-addresses)
>>>
>>>Group devices in huntgroups and then use Huntgroup-Name, not individual
>>>NAS-IP-Address.
>>>
>>>Ivan Kalik
>>>Kalik Informatika ISP
>>>
>>>
>>>On 31/3/2008, "it00x32" <thomas.beer at dynabcs.at> wrote:
>>>
>>>>
>>>>Hi,
>>>>
>>>>Here's my problem: I need to create some user - group member model to
>>>>authenticate with Juniper Netscreen firewalls. Let's say I've 10 users and 10
>>>>different customers with Firewalls. Now I need to give user 1 access to
>>>>customer 1,2,3 user 2 access to customer 5,7,8 and so on.
>>>>
>>>>My idea is to check that with the NAS-IP-Address as the Check item and the
>>>>NS-User-Group as reply item (authorisation is only granted if the reply
>>>>NS-User-Group matches the one saved at the netscreen - this works - already
>>>>tested!)
>>>>
>>>>so... somebody know how this can be done...?!
>>>>I can't use multiple user entries in the users file as only the first is used
>>>>.. e.g
>>>>
>>>>User1 Password == "OVID", NAS-IP-Address == "198.204.32.45"
>>>>      NS-User-Group = "access_gruppe_1"
>>>>
>>>>User1 Password = "OVID", NAS-IP-Address == "88.34.34.2"
>>>>      NS-User-Group = "access_gruppe_2"
>>>>
>>>>
>>>>thx for your help!
>>>>
>>>>regards
>>>>tom
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>--
>>>>View this message in context:
>>>>http://www.nabble.com/howto---reply-items-depending-on-check-items-%28diffentet-groups-for-different-nas-ip-addresses%29-tp16392701p16392701.html
>>>>Sent from the FreeRadius - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>>-
>>>>List info/subscribe/unsubscribe? See
>>>>http://www.freeradius.org/list/users.html
>>>
>>>
>> 
>> 
>
>-- 
>View this message in context: http://www.nabble.com/howto---reply-items-depending-on-check-items-%28diffentet-groups-for-different-nas-ip-addresses%29-tp16392701p16418175.html
>Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>

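The user-NAS group lookup suggested in the quoted reply above, as an added example that is not part of the original thread: it runs the extended group_membership_query against an in-memory SQLite database instead of a live FreeRADIUS server. The table layout, the group names and the sample rows are constructed assumptions; only the `NASIPAddress` column, the `usergroup` table, the `NS-User-Group` values and the two NAS addresses come from the thread.

```python
import sqlite3

# Constructed sample data. usergroup carries the extra NASIPAddress column
# described in the thread; group names (fw_customer_*) are made up here.
SCHEMA = """
CREATE TABLE usergroup (UserName TEXT, GroupName TEXT, NASIPAddress TEXT);
CREATE TABLE radgroupreply (GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT);
INSERT INTO usergroup VALUES
  ('User1', 'fw_customer_1', '198.204.32.45'),
  ('User1', 'fw_customer_2', '88.34.34.2'),
  ('User2', 'fw_customer_2', '88.34.34.2');
INSERT INTO radgroupreply VALUES
  ('fw_customer_1', 'NS-User-Group', '=', 'access_gruppe_1'),
  ('fw_customer_2', 'NS-User-Group', '=', 'access_gruppe_2');
"""

# Stand-in for group_membership_query with the added NAS condition.
# In sql.conf the two placeholders would be '%{SQL-User-Name}' and
# '%{NAS-IP-Address}'; here they are bound parameters.
GROUP_MEMBERSHIP_QUERY = (
    "SELECT GroupName FROM usergroup "
    "WHERE UserName = ? AND NASIPAddress = ?"
)
GROUP_REPLY_QUERY = "SELECT Attribute, Value FROM radgroupreply WHERE GroupName = ?"


def open_db():
    """Create the in-memory database with the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def reply_items(db, user_name, nas_ip_address):
    """Reply attributes for this user-NAS pair; {} means no group matched."""
    reply = {}
    groups = db.execute(GROUP_MEMBERSHIP_QUERY, (user_name, nas_ip_address)).fetchall()
    for (group_name,) in groups:
        for attribute, value in db.execute(GROUP_REPLY_QUERY, (group_name,)):
            reply[attribute] = value
    return reply


if __name__ == "__main__":
    db = open_db()
    for user, nas in [("User1", "198.204.32.45"), ("User1", "88.34.34.2"),
                      ("User2", "198.204.32.45")]:
        print(user, nas, reply_items(db, user, nas) or "no group, no NS-User-Group")
```

A user-NAS pair with no row in `usergroup` gets no `NS-User-Group` reply, which per the original post means the Netscreen does not grant authorisation.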



More information about the Freeradius-Users mailing list