Hello Everybody,

We have several pieces of network equipment with RADIUS authentication. We want to
limit access to several administrators. We use a radius-proxy and a radius server
with an LDAP base.


For example :


We have two NAS: NAS1 and NAS2.
Two groups of users, USERS1 and USERS2, in the LDAP base. USERS1 can access
NAS1 and USERS2 can access NAS2.


Proxy configuration :

** clients.conf **

NAS1 {
 hostname = NAS1
 secret =  NAS1_SECRET
}

NAS2 {
  hostname = NAS2
  secret = NAS2_SECRET
}

** proxy.conf **

realm null {
  type = radius
  authhost = radius_server
  accthost = radius_server
  secret = RADIUS_SECRET
}


Radius_configuration :

** HUNTGROUP **

cisco NAS-IP-ADDRESS = IP_PROXY

** USERS **

DEFAULT Huntgroup-Name == cisco, instance_openldap-Ldap-Group == ??? USERS1 or USERS2 ???
# It's USERS1 for NAS1 and USERS2 for NAS2, but the proxy rewrites the
# NAS_IP_Address with its own address :( I can't differentiate the NAS_IP
# because it's the PROXY IP.


How can I differentiate these devices? For information, my equipment is
Cisco equipment.


Thanks for your assistance !

Nicolas.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
