user group allowed just a specific device.

Alan DeKok aland at
Wed Jul 26 15:16:12 CEST 2017

On Jul 26, 2017, at 9:09 AM, Kalil de A. Carvalho <kalilac at> wrote:
> I'm running a FreeRADIUS which search user groups on the LDAP and permid or
> denny the access. Every think works fine but now I'm needing a new kind of
> restriction. There is a user group that they just can access some specific
> defice. So what I want is put this configuration to work. What I think:
> Is this configuration is possible?


> Is this configuration is made on user file?

  I would suggest no.

> Today my enviroment is working but the user group has access on all device.
> If I put the this new group, ou users, on the same where is working they
> will have access to all equipament and this is not what is needed.

  It's simple.  If you want to filter by device IP address, just do:

	if ((Packet-Src-IP-Address == &&
	    (LDAP-Group == "sales")) {
		... do something ...

  Alan DeKok.

More information about the Freeradius-Users mailing list