Huntgroups and Network of Clients
tnt at kalik.net
tnt at kalik.net
Thu Mar 12 15:51:16 CET 2009
>
>sites-enabled/default
>---------------------
>authorize
>{
>ldap
>
> if (Ldap-Group == "employee" && NAS-IP-Address == ^131\.(220)\.(1)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$)
> {ok} else
>
> if (Ldap-Group == "student" && NAS-IP-Address == ^131\.(220)\.(2)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$)
> {ok} else
> if (Huntgroup-Name == "testldap" && Ldap-Group == "student" )
> {ok} else
>..............
> else {reject}
>
>
>Is that right?
No. But if you remove else and change if to elsif it will be.
>
>Should Auth-Type:=Pam stay then in users?
>
Yes. Or you can put it in here instead of ok.
>
>I read in another post from today "How to allow nas'es to serve only
>groups of clients?" that somebody tries to do almost the same with
>unlang and SQL-Groups what I'm trying to do with unlang and LDAP-Groups.
>It seems that unlang doesn't works with SQL-Groups so could it be that
>the same situation ist for LDAP-Groups too?
== should work. It seems that != doesn't work in unlang with those
attributes.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list