Different IP Pool for different group user

Yanrui Hu yhu at appannie.com
Wed Nov 11 03:30:14 CET 2015 

Guys,
Let me explain my problem briefly.
I want different group user get different ip pool.

Here is the settings:
*===users*
DEFAULT Pool-Name := "tc_pool"
Fall-Through = Yes
*===sites-enabled/default*
post_auth......

 if (SQL-Group == "restricted") {

         tc_pool

     }

     else {

        main_pool

     }

*===modules/ippool*

ippool main_pool {

            range-start = 172.16.10.1

            range-stop = 172.16.10.254

            netmask = 255.255.255.0

            cache-size = 254

            session-db = ${raddbdir}/db.ipmainpool

            ip-index = ${raddbdir}/db.ipmainindex

            override = no

            maximum-timeout = 0

    }

ippool tc_pool {

            range-start = 172.26.11.1

            range-stop = 172.26.11.254

            netmask = 255.255.255.0

            cache-size = 254

            session-db = ${raddbdir}/db.ipsecondary26pool

            ip-index = ${raddbdir}/db.ipsecondary26index

            override = no

            maximum-timeout = 0

    }


*Test result, if use a user in restricted group. There will be a
Frame_IP_address in access_accept.*

*But if a user not in this group, the radius log is:*

? Evaluating (SQL-Group == "restricted") -> FALSE

++? if (SQL-Group == "restricted") -> FALSE

++else else {

+++[main_pool] = noop

++} # else else = noop

......

Sending Access-Accept of id 140 to 127.0.0.1 port 60577

MS-MPPE-Encryption-Policy = 0x00000001

MS-MPPE-Encryption-Types = 0x00000006

MS-MPPE-Send-Key = 0xb4c7f85ed7a94628e635e6b7d933c39a

MS-MPPE-Recv-Key = 0x024db770d98a83bdf54a7512e8f4a4ad

EAP-Message = 0x03020004

Message-Authenticator = 0x00000000000000000000000000000000

User-Name = "3dd5ac675d704831a89e2475f97f575f"

Finished request 2.


-- 
Best Regards,

Yanrui Hu

-- 
*This email may contain or reference confidential information and is 
intended only for the individual to whom it is addressed.  Please refrain 
from distributing, disclosing or copying this email and the information 
contained within unless you are the intended recipient.  If you received 
this email in error, please notify us at legal at appannie.com 
<legal at appannie.com>** immediately and remove it from your system.*

More information about the Freeradius-Users mailing list