Huntgroups and Network of Clients

HRZ Konten hrzkonten at uni-bonn.de
Mon Mar 9 16:37:39 CET 2009


Hi all,

I use FreeRADIUS 1.1.7 (yes, sorry, I know it is a little bit old, but
there is no time to upgrade :( ).

I want the requests from some servers to be checked and authenticated
through LDAP groups. For example, requests from IP x.x.x.x should be
authenticated only if the user is in the LDAP group employee, and the
same for IP y.y.y.y. Then I have some other servers with requests that
don't need LDAP authorisation.

I used huntgroups to define the first two servers as huntgroup
"testldap" and the rest as huntgroup "all".
That works great for IP addresses. The list is long, but still OK.
Only if I want to do that for a network of clients, this doesn't work. The
problem is that I must list all of the servers that should gain access,
and I have a lot of PC pools which use RADIUS to authenticate. In the
client.conf they are written with the network addresses; that doesn't
work in the huntgroups file. I don't want to list all of the PC-pool members
in the huntgroups because there are too many...


Does huntgroups support only IP addresses, or can I enter network
addresses too?
Or is there another workaround? Or maybe this has already been changed
in the new version 2.3.1?


users
--------
DEFAULT Huntgroup-Name==testldap, Ldap-Group == employee, Auth-Type := Pam
        Fall-Through = no
DEFAULT Huntgroup-Name==all, Auth-Type := Pam
        Fall-Through = no
DEFAULT Auth-Type := Reject
        Reply-Message = "Please call the helpdesk."



huntgroups
-----------------
#Test LDAP
testldap       NAS-IP-Address == x.x.x.x
testldap       NAS-IP-Address == y.y.y.y
#All Users
all            NAS-IP-Address == a.a.a.a
....
all            NAS-IP-Address == z.z.z.z/26

Greets,
Meyes
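
Added example, not part of the original post and not FreeRADIUS project code: since the huntgroups file above matches NAS-IP-Address per host, one way to avoid hand-listing PC-pool members is to generate those lines from the `client` sections. It assumes the `client <address-or-network> { ... }` layout; the sample configuration, its addresses, and the `example_group_for` mapping are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the "client <addr> { ... }" style (documentation ranges).
SAMPLE_CLIENTS_CONF = """
client 192.0.2.10 {
    secret = testing123
    shortname = ldapsrv1
}
# PC pool defined as a network
client 198.51.100.0/29 {
    secret = testing123
    shortname = pcpool-a
}
"""

CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{", re.MULTILINE)

def client_networks(conf_text):
    """Return the address or network named by every 'client <addr> {' section."""
    nets = []
    for spec in CLIENT_RE.findall(conf_text):
        try:
            nets.append(ipaddress.ip_network(spec, strict=False))
        except ValueError:
            continue  # hostname-based client: cannot be expanded offline
    return nets

def huntgroup_lines(conf_text, group_for):
    """Emit one huntgroups line per host; group_for maps a network to a group name."""
    lines = []
    for net in client_networks(conf_text):
        group = group_for(net)
        # hosts() skips the network and broadcast addresses of a subnet.
        hosts = [net.network_address] if net.num_addresses == 1 else net.hosts()
        for host in hosts:
            lines.append(f"{group:<14} NAS-IP-Address == {host}")
    return lines

def example_group_for(net):
    # Hypothetical policy: single hosts are the LDAP-checked servers,
    # networks (PC pools) go to the "all" group.
    return "testldap" if net.num_addresses == 1 else "all"

if __name__ == "__main__":
    print("\n".join(huntgroup_lines(SAMPLE_CLIENTS_CONF, example_group_for)))
```

The generated lines can be reviewed and written to the huntgroups file whenever the client definitions change.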


