Thanks Ivan ! With huntgroup it works perfectly, now I am searching to manage my huntgroup whith ldap, no longer with the file huntgroup.
Each users have the primitive radiusHuntgroupName, but I want to define my huntgroup in ldap, is it possible you think ? Regards, Francois -----Message d'origine----- De : Ivan Kalik [mailto:t...@kalik.net] Envoyé : mardi 19 mai 2009 15:09 À : François Mehault Objet : RE: check-item NAS-IP-ADdress & Calling-Station-ID with openldap > Well, I am using checkval to check the attribute NAS-IP-Address, what I > want : I have several users and several NAS, some users allows to > authenticate on some NAS, and others not. I use an openldap database. Each > users have an attribute "radiusCheckItem". I don't know if I am right, if > it's the good way to do what I need, but I am a novice with freeRadisu and > OpenLDAP. Well, if user is going to have only one value for NAS IP, then you don't need checkval - just map appropriate attribute as check item in raddb/ldap.attrmap. If he should be allowed on several devices it might be better to use huntgroups/sqlhuntgroups - as long as there are not too many combinations. Same applies to mac address - if user can use only one there is no need to use checkval. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html