Restricting user to specific NAS Port
Sean Preston
sean at crypto.co.za
Tue Nov 11 12:28:10 CET 2008
Hi
2008/11/11 <tnt at kalik.net>:
> Use huntgroups to group ports.
>
> blah1 at example.com Huntgroup-Name == whatever
Thanks. I took a look at huntgroups and it looks userful but I think
it is not right for what I am trying to do. I think I did not explain
well enough.
I need to restrict a specifc user to say 2 specific NAS ports and then
define a different account to some different specific NAS ports.
Currently as long as an account is only ever going to use one NAS port
I can restrict it by adding the entry to the radcheck table. So for
example if I have 10 users, I have 10 entries with the NAS port and
the == operator. However if I want to add some accounts with multiple
entries then if I put more than one entry in radcheck for the same
username then it never authenticates because I assume it is trying to
ensure the user matches all entries which it obviously does not. If I
use the += operator or := operators then it never seems to restrict
but always authenticates no matter what the port is.
I hope this explains what I am trying to do a little better.
Regards
Sean
--
Sean Preston
More information about the Freeradius-Users
mailing list