On Wed, 2004-10-13 at 15:11, cris boisvert wrote:
>
>
> Iâm trying to setup Freeradius to reply differently based on the nas
> that the request comes from.
I am doing something similar, however I have used DEFAULT users to
specify which auth method is used. Based on the Huntgroup it assigns a
different Auth-Type:
IE in my users file I have:
DEFAULT HuntGroup-name == "group1", Auth-Type := auth1, Autz-Type :=
auth1
Fall-Through = no
DEFAULT Autz-Type := main, Auth-Type := Local
Framed-Protocol = PPP,
Service-Type = Framed-User,
Fall-Through = no
so anyone who comes in via NASes on hungroup "group1" are forced to use
AutZ-Type auth1 anyone else uses the default case which forces them to
use Autz-Type main (and also appends some global attributes :) ).
Works like a charm for me this way.
One thing it may be worth doing is in your huntgroups file not use the
NAS-IP-Address, but rather the Client-IP-Address, as the NAS-IP can be
spoofed (something I believe Alan recommended elsewhere on this list).
Hope that is of help.
--
-----
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)
Direct: 0845 058 9074
Main : 0845 058 9000
Fax : 0845 058 9005
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
