> I have TWO Servers, with one running PoPtop+Radius plugin / freeradius
> 2.1.6 / SQL DaloRadius Setup
>
> Connection is INTERNET>PPP>FREERADIUS>LAN
>
> User X connects to Server A and authenticates against freedradius running
> on Server A and is provided with Access use mschap v2 authentication and
> this works fine..
>
> What I would like to do is setup Server B to authenticate against
> freeradius on Server A, but ONLY allow access to Server B if the
> connecting user belongs to a specific Group. If group is the correct
> approach?
>
> I'm looking at setting up TWO Groups.
>
> Default Group to allow access to Server A only, but if you belong to
> GROUPX, you will be allowed access to both Server A and Server B.
>
> How do I setup this access in SQL against a user and what Check / Reply
> attributes, if any do I need to use?
Add users to groups. Then use unlang to check group/NAS combination:
if(NAS-IP-Address == NAS2 && SQL-Group == "GROUPX") {
ok
}
else {
reject
}
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
