Device specific Access-Accept attributes and granular user group control

Matt Hite lists at
Fri Feb 5 00:45:04 CET 2010

Hello --

I am running freeradius2-2.1.7 with MySQL as the backend datastore.

I've got a deployment up and running supporting the admin login to
about 200 switches from a single vendor. I'm looking to expand my
deployment and thus some new requirements have surfaced.


- Different brands of gear should get different VSAs and/or general
attributes returned in Access-Accept messages. For example, if I log
in from a Cisco device, I should get a different RADIUS attribute sent
back than when logging in from a F5 or a NetScreen.

- Some users can log into certain groups of devices, others should not
be able to

I'm fairly certain the #2 requirement will require the user of
huntgroups. Does anyone have any idea how to accomplish requirement

Thanks for your help in pointing me in the right direction.

More information about the Freeradius-Users mailing list