Hi Alan,

[EMAIL PROTECTED] wrote:
> Basavaraj Bendigeri <[EMAIL PROTECTED]> wrote:
>
>> I have one more question. This is regarding huntgroups. I assume
>> huntgroups is for restricting users to certain groups, right?
>
> No. Read the comments at the top of the huntgroups file.

I think I am phrasing the question incorrectly. Let me explain my question in detail. Assume I have 2 NASs in my network, say NAS1 and NAS2. Both send access requests to a radius server in the network. Say I have some users "A", "B", "C", "X", "Y" and "Z". I want users "A", "B", "C" to login to NAS1 and users "X", "Y" and "Z" to login to NAS2 only.

    NAS1 => A, B, C
    NAS2 => X, Y, Z

Obviously now NAS1 will send the access requests for "A", "B" and "C". The radius server should authenticate the users successfully, i.e. it should respond with an access accept. The same should happen for users "X", "Y" and "Z". But in case "A" or "B" or "C" tries to login to NAS2, radius should not allow it. Similarly, if "X", "Y" or "Z" tries to login to NAS1, radius should not allow it in this case either. In both these cases radius should respond with an access reject.

I want to implement this with radius and openldap as backend. Obviously one way I can think of doing it is by using the users and huntgroups files, and I did implement it that way. Let me explain how I did it.

The users file contained the following directives:

    DEFAULT Auth-Type := LDAP, Huntgroup-Name == "localhost"
            Fall-Through = 1

    DEFAULT Auth-Type := LDAP, Huntgroup-Name == "test1"
            Fall-Through = No

and no other directives.

The huntgroups file contained the following directives:

    localhost   NAS-IP-Address == 127.0.0.1
                User-Name == basavaraj
    test1       NAS-IP-Address == 64.104.131.182
                User-Name == guest

The radiusd.conf file contained the following directives for the authorize module:

    authorize {
            preprocess
            suffix
            files
            ldap
    }

So when an access request comes in from NAS 64.104.131.182 for user "guest", the radius server responds with access accept, and the same happens with user "basavaraj" when the request comes in from NAS 127.0.0.1. But if the request for "basavaraj" comes from NAS 64.104.131.182, the radius server responds with access reject. The same happens for "guest" from NAS "127.0.0.1". This solution satisfies my requirement. However, I want to know if this is the correct way of doing it?

Thanks in advance
-Raj

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
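Added example (not part of the original message and not FreeRADIUS code): a small Python model of the per-NAS user restriction described in the message, for checking the intended accept/reject matrix before deploying a huntgroups file. It assumes each huntgroups entry is a name and NAS-IP-Address line followed by indented User-Name lines, matches on NAS-IP-Address only, and assumes that the first entry matching the NAS decides and that a NAS with no entry is not restricted by this file; 192.0.2.10 is a constructed address.

```python
import re

# Constructed sample: the huntgroups entries from the message, one entry line
# followed by indented restriction lines.
HUNTGROUPS = """\
localhost   NAS-IP-Address == 127.0.0.1
            User-Name == basavaraj
test1       NAS-IP-Address == 64.104.131.182
            User-Name == guest
"""

# attribute, operator (= or ==), optionally quoted value
ITEM = re.compile(r'([\w-]+)\s*(?:==|=)\s*"?([^",\s]+)"?')

def parse_huntgroups(text):
    """Return [(name, nas_ip, allowed_users)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        items = ITEM.findall(line)
        if not line[0].isspace():            # entry line: name + NAS match
            nas = dict(items).get("NAS-IP-Address")
            entries.append((line.split()[0], nas, set()))
        elif entries:                        # indented line: access restriction
            entries[-1][2].update(v for k, v in items if k == "User-Name")
    return entries

def decide(entries, nas_ip, user):
    """Assumed semantics: the first entry matching the NAS decides; an entry
    without User-Name lines admits everyone; no matching entry means this
    file places no restriction on the request."""
    for name, nas, users in entries:
        if nas == nas_ip:
            ok = not users or user in users
            return ("allow" if ok else "reject", name)
    return ("unrestricted", None)

def matrix(entries, nas_ips, users):
    """Verdict for every (NAS, user) pair, to compare against the policy."""
    return {(n, u): decide(entries, n, u)[0] for n in nas_ips for u in users}

if __name__ == "__main__":
    parsed = parse_huntgroups(HUNTGROUPS)
    nas_list = ["127.0.0.1", "64.104.131.182", "192.0.2.10"]
    for (nas, user), verdict in matrix(parsed, nas_list, ["basavaraj", "guest"]).items():
        print(f"{nas:16} {user:10} {verdict}")
```

The "unrestricted" rows are the ones to review: a NAS that appears in no huntgroups entry is not covered by the restriction at all.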