howto - reply items depending on check items (diffentet groups fordifferent nas-ip-addresses)
Ivan Kalik
tnt at kalik.net
Mon Mar 31 14:08:18 CEST 2008
Group devices in huntgroups and then use Huntgroup-Name, not individual
NAS-IP-Address.
Ivan Kalik
Kalik Informatika ISP
Dana 31/3/2008, "it00x32" <thomas.beer at dynabcs.at> piše:
>
>Hi,
>
>Here´s my problem: I need to create some user - group memebr model to
>authenticate with Juniper Netscreen firewalls. Lets say i ve 10 users and 10
>different customers with Firewalls. Now i need to give user 1 access to
>customer 1,2,3 user 2 access to customer 5.7,8 and so on.
>
>My idea is to check that with the NAS-IP-Address as the Check item and the
>NS-User-Group as reply item (authorisation is only granted if the reply
>NS-User-Group matches the one saved at the netscreen - this works - already
>tested!)
>
>so... somebody know how this can be done...?!
>i cant use multiple user entries in the users file as only the first is used
>.. e.g
>
>User1 Password == "OVID", NAS-IP-Address == "198.204.32.45"
> NS-User-Group = "access_gruppe_1"
>
>User1 Password = "OVID", NAS-IP-Address == "88.34.34.2"
> NS-User-Group = "access_gruppe_2"
>
>
>thx for your help!
>
>regards
>tom
>
>
>
>
>
>--
>View this message in context: http://www.nabble.com/howto---reply-items-depending-on-check-items-%28diffentet-groups-for-different-nas-ip-addresses%29-tp16392701p16392701.html
>Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list