> > Actually I should clarify. If I understand you correctly, I would need to > > put in an entry for each client NAS box, rather than just each client > > PROXY box. > > No, no, no, no. > > > I don't know all the NAS IP's and they could change. > > Exactly. > > > Can I do this based on the Proxy IP only? > > Yes. The Client-IP-Address is the address of the RADIUS client, > whether it's a proxy or a NAS. It's added to the request internally, > by rlm_preprocess. > > The NAS-IP-Address is an attribute inside of the RADIUS packet. > Treat it with suspicion, as the NAS can lie.
OK, that all makes sense. > > Use Regexp's to classify them by their 'short-name' when definining > > which default profile to use? > > Huntgroups should work, as Frank pointed out. Define 'Huntgroup-A', > etc. in the huntgroup file, and then key on that in the 'users' file. OK, this seems like the right overall direction, but one question -- in the 'huntgroups' documentation, it looks like a Huntgroup is defined exclusively by the use of the NAS-IP-Address and NAS-Port-ID attributes. Based on what you said above, it sounds like I don't want to use NAS-IP-Address, but rather Client-IP-Address. Can I define a huntgroup based on Client-IP-Address (or based on any other A/V pairs)? If so, cool. If not, do I then want to use NAS-IP-Address, and if that's the case, will that end up being the proxy IP or the NAS IP? Regards, Dave ===================================================================== David C. Troy [[EMAIL PROTECTED]] 410-544-6193 Sales ToadNet - Want to go fast? 410-544-1329 FAX 570 Ritchie Highway, Severna Park, MD 21146-2925 www.toad.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
