Limiting user accounts for specific devices

Peter Lambrechtsen plambrechtsen at gmail.com
Thu Dec 2 21:59:57 CET 2010


On Fri, Dec 3, 2010 at 7:24 AM, Garber, Neal
<Neal.Garber at iberdrolausa.com> wrote:

> > so it would need to be set per IP address or range only for
> > the limits so that the other users in AD can be used for that
>
> Have you thought about using huntgroups to group your NAS together and then
> authorize based upon Huntgroup-Name?
>

If you set the client shortname in your clients file to the same value for
all the same "types" of switches you can do that as well.  That's what we do
since we are using Dynamic Groups and using the client-shortname for auth:

In our users file:

DEFAULT Client-Shortname == "CiscoSwitch", Ldap-Group == "cn=SwitchAccess,o=Identities"
        Service-Type = "Login-User",
        Idle-Timeout = 600
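
An added example, not part of the original message: a clients.conf fragment that would pair with the users entry above, where every switch of one type shares a shortname and other device types get a different one. The client names, the addresses (documentation range) and the secrets are constructed placeholders.

```conf
# clients.conf (constructed example)
# Both switches carry the same shortname, so the single DEFAULT entry
# in the users file matches requests arriving from either of them.
client switch-floor1 {
        ipaddr    = 192.0.2.10
        secret    = REPLACE_WITH_SECRET_1
        shortname = CiscoSwitch
}

client switch-floor2 {
        ipaddr    = 192.0.2.11
        secret    = REPLACE_WITH_SECRET_2
        shortname = CiscoSwitch
}

# A different device type gets a different shortname. Requests from it
# do not satisfy Client-Shortname == "CiscoSwitch", so membership in
# cn=SwitchAccess alone does not authorize a login there.
client vpn-gateway {
        ipaddr    = 192.0.2.50
        secret    = REPLACE_WITH_SECRET_3
        shortname = VpnGateway
}
```

Each client keeps its own shared secret; only the shortname is common, since it is the grouping label the users file checks.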