Restricting dialup users to certain client definitions only
tnt at kalik.net
tnt at kalik.net
Tue Dec 23 11:13:02 CET 2008
>Only problem I see with this approach is that I have to assign every user to
>two groups now in radusersgroup table.
>
>Or.. Is there a better way?
>
Well, different. Don't know about better: use huntgroups.
onlythisgroup Client-IP-Address == some address
SQL-Group == "thisgroup"
multigroup Client-IP-Address == another address
SQL-Group == "groupone",
SQL-Group == "grouptwo"
If your client-group mappings are static it will work well.
Straightforward as long as you don't have to return anyhing as a reply
for rejected users. You will need to utilize Post-Auth-Type REJECT if
that is the case.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list