user group allowed just a specific device.
Kalil de A. Carvalho
kalilac at gmail.com
Wed Jul 26 15:55:51 CEST 2017
Hello Alan.
Thanks for you replay.
Let me ask another think:
It is possible I change Packet-Src-IP-Address for a network range like
192.0.2.1-254
or 192.0.2.0/24? Is there any statiment for network?
Best regards.
On Wed, Jul 26, 2017 at 10:16 AM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Jul 26, 2017, at 9:09 AM, Kalil de A. Carvalho <kalilac at gmail.com>
> wrote:
> > I'm running a FreeRADIUS which search user groups on the LDAP and permid
> or
> > denny the access. Every think works fine but now I'm needing a new kind
> of
> > restriction. There is a user group that they just can access some
> specific
> > defice. So what I want is put this configuration to work. What I think:
> >
> > Is this configuration is possible?
>
> Yes.
>
> > Is this configuration is made on user file?
>
> I would suggest no.
>
> > Today my enviroment is working but the user group has access on all
> device.
> > If I put the this new group, ou users, on the same where is working they
> > will have access to all equipament and this is not what is needed.
>
> It's simple. If you want to filter by device IP address, just do:
>
> if ((Packet-Src-IP-Address == 192.0.2.3) &&
> (LDAP-Group == "sales")) {
> ... do something ...
> }
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
--
Atenciosamente,
Kalil de A. Carvalho
More information about the Freeradius-Users
mailing list