how to define ACL like things in RADIUS

Ivan Kalik tnt at kalik.net
Tue May 12 15:15:48 CEST 2009


> I have configured Radius server with LDAP authentication, for performing
> AAA for Cisco Routers and Firewalls. Currently all users created in LDAP
> are getting equal privilege of accessing all devices (NAS) configured
> with AAA.
> I want to allow a set of users to access only some devices (say only a few
> routers) while allowing another set of users access permission to all
> devices (including Routers and Firewalls).
> I am aware of the following:
>
>
> root         Auth-Type := Accept
>                 Reply-Message = "Your account has been disabled."
>
>  which denies all access to user root.

That allows access even without the password. Reject denies it.

> But I want some modification, i.e. the root user will be able to
> authenticate to only two NAS, 192.168.1.178 & 192.168.1.179.
>

Read about huntgroups/sqlhuntgroups.

Ivan Kalik
Kalik Informatika ISP
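
Added example, not part of the original post: one way the huntgroups approach suggested above can express the restriction from the question, using the two NAS addresses given there. The huntgroup name `restricted-nas`, the LDAP group name `router-admins` and the reply text are assumptions made for this example.

```text
# raddb/huntgroups
# Group the two NAS from the question under one huntgroup name.
# ("restricted-nas" is a made-up name for this example.)
restricted-nas   NAS-IP-Address == 192.168.1.178
restricted-nas   NAS-IP-Address == 192.168.1.179

# raddb/users
# Place these entries above any entry that would otherwise match the user.

# Reject root when the request arrives from a NAS outside the huntgroup.
# Auth-Type := Reject denies; Auth-Type := Accept would let the user in
# without a password, as the reply above points out.
root    Huntgroup-Name != "restricted-nas", Auth-Type := Reject
        Reply-Message = "Access to this device is not permitted."

# The same restriction applied to a set of LDAP users instead of one name.
# "router-admins" is a hypothetical LDAP group; users outside it are not
# matched by this entry and keep access to every NAS.
DEFAULT Ldap-Group == "router-admins", Huntgroup-Name != "restricted-nas", Auth-Type := Reject
        Reply-Message = "Access to this device is not permitted."
```

Run the server in debug mode (`radiusd -X`) and send a test request from each NAS address to confirm which entry matches before relying on the restriction.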



