Device specific Access-Accept attributes and granular user group control

Matt Hite lists at beatmixed.com
Fri Feb 5 00:45:04 CET 2010


Hello --

I am running freeradius2-2.1.7 with MySQL as the backend datastore.

I've got a deployment up and running supporting the admin login to
about 200 switches from a single vendor. I'm looking to expand my
deployment and thus some new requirements have surfaced.

Requirements:

- Different brands of gear should get different VSAs and/or general
attributes returned in Access-Accept messages. For example, if I log
in from a Cisco device, I should get a different RADIUS attribute sent
back than when logging in from a F5 or a NetScreen.

- Some users can log into certain groups of devices, others should not
be able to

I'm fairly certain the #2 requirement will require the user of
huntgroups. Does anyone have any idea how to accomplish requirement
#1?

Thanks for your help in pointing me in the right direction.



More information about the Freeradius-Users mailing list