user group allowed just a specific device.
Alan DeKok
aland at deployingradius.com
Wed Jul 26 15:16:12 CEST 2017
On Jul 26, 2017, at 9:09 AM, Kalil de A. Carvalho <kalilac at gmail.com> wrote:
> I'm running a FreeRADIUS which search user groups on the LDAP and permid or
> denny the access. Every think works fine but now I'm needing a new kind of
> restriction. There is a user group that they just can access some specific
> defice. So what I want is put this configuration to work. What I think:
>
> Is this configuration is possible?
Yes.
> Is this configuration is made on user file?
I would suggest no.
> Today my enviroment is working but the user group has access on all device.
> If I put the this new group, ou users, on the same where is working they
> will have access to all equipament and this is not what is needed.
It's simple. If you want to filter by device IP address, just do:
if ((Packet-Src-IP-Address == 192.0.2.3) &&
(LDAP-Group == "sales")) {
... do something ...
}
Alan DeKok.
More information about the Freeradius-Users
mailing list