[EMAIL PROTECTED] wrote:
huntgroups file:
pool3 NAS-IP-Address == "NAS1IPAddress"
pool3 NAS-IP-Address == "NAS2IPAddress"
pool3 NAS-IP-Address == "NAS3IPAddress"
____
DEFAULT Huntgroup-Name == "pool3", User-Name == "user2", Auth-Type := Reject
in users file. Huntgroups *are* what you refer to as "hostpools".
Ivan Kalik
Kalik Informatika ISP
You're right with the hostpools... %)
Maybe this will more exactly explain my question:
I have 4 groups of users:
Admins (which are allowed to access all hosts)
- okay quite easy, simply no huntgroup
FW-Admins (which are allowed to access only FW-IPs)
- easy too, huntgroup FW-IPs
RTR-Admins (which are allowed to access all CPE-IPs)
- difficult (big net) so I want to use REGEX wildcards, which
unfortunately covers the FW-IPs
Apprentice (which are allowed to access only TEST-IPs)
- again easy, huntgroup TEST-IPs
So what I want is something like in an example 10.0.0.0/16 net (with
approx. 400-500 devices in this range) ...
huntgroups:
FW-IPs NAS-IP-Address == "10.0.0.1"
FW-IPs NAS-IP-Address == "10.0.0.2"
FW-IPs NAS-IP-Address == "10.0.0.3"
CPE-IPs NAS-IP-Address =~ '10\.0\..*\..*'
TEST-IPs NAS-IP-Address == "10.0.255.1"
TEST-IPs NAS-IP-Address == "10.0.255.2"
TEST-IPs NAS-IP-Address == "10.0.255.3"
users:
anderson Huntgroup-Name == "CPE-IPs", Huntgroup-Name != "FW-IPs" (Is
this possible ?!?)
- for a user who should access all the 10.0.0.0/16 net except the FW IPs.
smith Huntgroup-Name == "TEST-IPs"
- a simple apprentice entry
and so on ...
Any ideas?
Alexander
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
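
The access policy asked for in the message above, modelled as an added Python example (not part of the original post and not FreeRADIUS code). It evaluates "in CPE-IPs but not in FW-IPs" and compares the posted regex with a 10.0.0.0/16 prefix check. The `POLICY` table, the role names and the function names are hypothetical, and the regex is assumed to be evaluated with unanchored search semantics.

```python
import ipaddress
import re

# Huntgroup definitions copied from the post.
EXACT = {
    "FW-IPs": {"10.0.0.1", "10.0.0.2", "10.0.0.3"},
    "TEST-IPs": {"10.0.255.1", "10.0.255.2", "10.0.255.3"},
}
CPE_REGEX = re.compile(r"10\.0\..*\..*")        # pattern as posted
CPE_NET = ipaddress.ip_network("10.0.0.0/16")   # the range the post describes


def huntgroups(nas_ip, cpe_by_regex=True):
    """Return the set of huntgroup names a NAS-IP-Address falls into."""
    groups = {name for name, ips in EXACT.items() if nas_ip in ips}
    if cpe_by_regex:
        # Assumption: the pattern may match anywhere in the string.
        in_cpe = CPE_REGEX.search(nas_ip) is not None
    else:
        in_cpe = ipaddress.ip_address(nas_ip) in CPE_NET
    if in_cpe:
        groups.add("CPE-IPs")
    return groups


# Hypothetical table for the four user classes in the post:
# role -> (huntgroup that must match or None, huntgroup that must not match or None)
POLICY = {
    "admin": (None, None),
    "fw-admin": ("FW-IPs", None),
    "rtr-admin": ("CPE-IPs", "FW-IPs"),
    "apprentice": ("TEST-IPs", None),
}


def allowed(role, nas_ip, cpe_by_regex=True):
    """Apply the required/excluded huntgroup pair for a role to one NAS IP."""
    required, excluded = POLICY[role]
    groups = huntgroups(nas_ip, cpe_by_regex)
    if required is not None and required not in groups:
        return False
    return excluded is None or excluded not in groups


if __name__ == "__main__":
    for ip in ("10.0.17.4", "10.0.0.2", "10.0.255.1", "110.0.5.5"):
        print(ip, sorted(huntgroups(ip)), allowed("rtr-admin", ip),
              allowed("rtr-admin", ip, cpe_by_regex=False))
```

Under the unanchored assumption the posted pattern also matches 110.0.5.5, which is outside 10.0.0.0/16; the prefix check does not.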