On 13/12/2007, "Reynolds, Walter" <[EMAIL PROTECTED]> wrote:
>
>I am looking at that option, but I should not have to. Per the
>huntgroups file:
>
>"# This file can also be used to define restricted access
># to certain huntgroups. The second and following lines
># define the access restrictions (based on username and
># UNIX usergroup) for the huntgroup.
>#"
>
>
>So I can create a huntgroup with multiple Nas, but the 'second and
>following lines' are only recognized by the last entry in the huntgroup.
>So if I go with groups, I should be able to add the following: (can
>someone tell me if this is the right syntax, or do I still have to add
>something to the dictionary.... have to leave right now to catch a
>flight. Thanks)
>
>File radiusd.conf
>
>        passwd etc_group {
>                filename = /usr/local/ett/raddb/grouplist
>                format = "=Group-Name:*,User-Name"
>                hashsize = 50
>                ignorenislike = yes
>                allowmultiplekeys = yes
>                delimiter = ":"
>        }
>

Yes, you can create groups through files with rlm_passwd module.

>File huntgroups:
>
>Limit1  NAS-IP-Address == 192.168.2.5
>Limit1  NAS-IP-Address == 192.168.2.6
>        Group-Name == datacenter
>---

That's not going to work for the same reason as the list of usernames. It is listed only for the last entry. You don't seem to comprehend that it's totally irrelevant whether the entries have the same or different names *inside* the huntgroups file. Grouping (giving entries the same name) only has such effect *outside* the huntgroups file when you use the Huntgroup-Name attribute.

To save you some bother - don't group datacenter users. You don't want to tie users to certain devices, you want to prevent some others from gaining access to those devices. An entry like this in the users file will do that:

DEFAULT Group-Name == nopasaran, Huntgroup-Name == Limit1, Auth-Type := Reject

Ivan Kalik
Kalik Informatika ISP
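The behaviour described in the reply above, as an added example that is not part of the original message and is not FreeRADIUS code: a simplified Python model in which restriction lines attach only to the entry directly above them, while a Huntgroup-Name check in the users file matches every NAS carrying that name. The group membership table, the user names and the 10.0.0.1 address are constructed for illustration.

```python
# Simplified model of the behaviour described in the reply; not FreeRADIUS code.
HUNTGROUPS = """\
Limit1  NAS-IP-Address == 192.168.2.5
Limit1  NAS-IP-Address == 192.168.2.6
        Group-Name == datacenter
"""

# Constructed membership table, standing in for what rlm_passwd would load.
GROUPS = {"alice": {"datacenter"}, "mallory": {"nopasaran"}}


def parse_huntgroups(text):
    """Return entries; an indented line attaches only to the entry right above it."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":                      # restriction line
            if not entries:
                raise ValueError("restriction line before any huntgroup entry")
            attr, value = (p.strip() for p in line.split("==", 1))
            entries[-1]["restrict"].append((attr, value))
        else:                                     # new entry: name + NAS check
            name, check = line.split(None, 1)
            nas_ip = check.split("==", 1)[1].strip()
            entries.append({"name": name, "nas": nas_ip, "restrict": []})
    return entries


def huntgroup_name(entries, nas_ip):
    """Huntgroup-Name seen outside the file: name of the first entry matching the NAS."""
    return next((e["name"] for e in entries if e["nas"] == nas_ip), None)


def restricted_nas(entries):
    """NAS addresses whose own entry carries at least one restriction line."""
    return [e["nas"] for e in entries if e["restrict"]]


def users_file_rejects(user, nas_ip, entries):
    """Model of: DEFAULT Group-Name == nopasaran, Huntgroup-Name == Limit1, Auth-Type := Reject"""
    return ("nopasaran" in GROUPS.get(user, set())
            and huntgroup_name(entries, nas_ip) == "Limit1")


if __name__ == "__main__":
    entries = parse_huntgroups(HUNTGROUPS)
    print("restricted inside huntgroups:", restricted_nas(entries))
    for nas in ("192.168.2.5", "192.168.2.6", "10.0.0.1"):
        print(nas, "mallory rejected:", users_file_rejects("mallory", nas, entries))
```

Only 192.168.2.6 ends up with a restriction inside the huntgroups model, whereas the users-file rule rejects the nopasaran member on both Limit1 devices and leaves other NAS addresses untouched.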