how to define ACL like things in RADIUS
Ivan Kalik
tnt at kalik.net
Tue May 12 15:15:48 CEST 2009
> I have configure Radius server with LDAP authentication, for performing
> AAA
> for Cisco Routers and Firwalls. Currently all users created in LDAP are
> getting equal priviledge of accessing all devices (NAS) configured with
> AAA.
> I want to allow a set of users to let access some devices (say only few
> routers) while to allow other set of users with access permission of all
> devices (including Routers and Firwalls).
> I am aware of following:
>
>
> root Auth-Type := Accept
> Reply-Message = "Your account has been disabled."
>
> which deny all access to user root.
That allows access even without the password. Reject denies it.
> But I want some modification, i.e.
> root
> user will able to authenticate to only two NAS, 192.168.1.178 &
> 192.168.1.179.
>
Read about huntgroups/sqlhuntgroups.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list