Hosts restriction with FreeRadius and OpenLDAP

tnt at tnt at
Thu Jan 29 14:02:10 CET 2009

>I'm setting up a freeradius configuration for authenticating users on a
>number of technologies (pix, nokia, ...). Users accounts are stored in a
>backend OpenLDAP.
>I'm willing to allow users to authenticate to specific machines, that I
>would like to choose and administrer from the accounts on the LDAP server
>(in a centralized manner).
>Is this possible, and how could I implement it?

Create a huntgroup with IPs of the machines from which administartors can
log in. Then add to users file:

DEFAULT   Ldap-Group = admin_group,Huntgroup-Name != whatever, Auth-Type
:= Reject

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list