Grant access to a groups of users to a determinated subnets

Wed Jan 29 15:15:13 CET 2020

On Wed, 2020-01-29 at 14:06 +0000, Condor via Freeradius-Users wrote:
>   Sorry for ask again, there is an alternative to hunt group regex
> for subnet? unlang is possible maybe, but i don't understand how to
> use it. Someone could please point me some example

https://freeradius.org/radiusd/man/unlang.html

if (&NAS-IP-Address =~ /^192\.168\.(1?\d\d?|2[0-4]\d|25[0-5])\.(1?\d\d?|2[0-4]\d|25[0-5])$/) {
  update control {
    &Huntgroup-Name == "gNetworking"
  }
}

You can also check if IPs are in a particular network - see the man
page. e.g.

if (<ipaddr>192.0.2.1 < 192.0.2.0/24) {
  ...
}

if (&NAS-IP-Address < 192.0.2.0/24) {
  ...
}

-- 
Matthew