Freeradius for several services
David Seira
davidseira at gmail.com
Fri Mar 23 08:55:46 CET 2012
Hi.
Finally I achieved it with the huntgroups. Adding a huntgroup with a nas
and then adding this huntgroup to a specific user group.
Regards,
David
El 22 de marzo de 2012 14:05, Alan DeKok <aland at deployingradius.com>escribió:
> David Seira wrote:
> > I want to use the same freeradius server for authenticate several
> > services like L2TP VPN, PPPoE server, captive portal, etc...
>
> Normally, you just create user accounts. Everyone can log in from
> everywhere.
>
> > I would like to know what is the best way to achieve it. I don't know if
> > it is best using several virtual servers, one per service, or through
> > the called-station-id with the same virtual server. Is it possible to
> > evaluate a request based on the NAS' called station id (regardless the
> > user/pass)?
>
> Yes.
>
> > In the above example, when the user1 try to login into the captive
> > portal the freeradius should send an access-reject. Which is the best
> way?
>
> Use groups. Put the users into groups, based on what they're allowed
> to access. Then, check the groups. See the rlm_sql documentation for
> how to do groups in SQL.
>
> Then, create logic saying "if NAS X and not group X, reject".
>
> The most important thing is getting the logic correct. Write down
> what you want to do. Write down which fields of the RADIUS packet you
> want to look at. Worry about the syntax of the configuration files as
> the *last* thing.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120323/0fd50d91/attachment-0001.html>
More information about the Freeradius-Users
mailing list