Limiting user accounts for specific devices

JARED HOOVER hooverj at edtools.psd401.net
Thu Dec 2 18:36:40 CET 2010


We have a bunch of HP switches that we're using radius authentication on to
configure.  Our freeradius server is configured to grab users from an active
directory server.  We want to be able to only allow a single user account to
be able to have rights to login to these switches so if any other account is
used it should be denied access.  I have to be able to pull this information
from AD so that the user password can be changed quickly by someone not
familiar with configuring radius.  Later on we're going to use this same
radius server to authenticate wireless access so it would need to be set per
IP address or range only for the limits so that the other users in AD can be
used for that.  I'm thinking there is a way to do this in clients.conf but
haven't found anything so far in my research.  Here's an example client we
have in our clients.conf:

client 10.0.0.251 {
        secret          = xxxxx
        shortname       = NOC_5308
}

Any help would be greatly appreciated.

Thanks,
Jared
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101202/0ac29069/attachment.html>


More information about the Freeradius-Users mailing list