On 11/30/2009 02:54 PM, freerad...@corwyn.net wrote:

There's a piece of RADIUS that I'm not understanding.

If I have an entry in my ./users file
DEFAULT Auth-Type:=Accept,Ldap-Group == "Group1"
        Service-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15"

And another entry
DEFAULT Auth-Type:=Accept,Ldap-Group == "Group2"
        Service-Type=NAS-Prompt-User,cisco-avpair="shell:priv-lvl=15"

where I'm trying to authorize users in Group1 for one set of switches,
and users in Group2 for another set of switches, how does freeradius
know which is which?

I assume you're asking how does FreeRADIUS know which switch the request is associated with, correct? Typically this is done with huntgroups, which add a huntgroup name to the request based on the IP address of the NAS. You then perform different operations based on the huntgroup name. See the huntgroups file for more documentation or the wiki howto for how to implement huntgroups in SQL.

--
John Dennis <jden...@redhat.com>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
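
The huntgroup approach described in the reply, applied to the two entries from the question. This is an added example, not part of the original thread or the FreeRADIUS documentation; the huntgroup names and NAS addresses are hypothetical. Assumptions: the preprocess module is enabled, and the Auth-Type := Accept check item from the question is left out so that the password is still verified by the server's configured authentication module.

```text
# Constructed example. Huntgroup names and addresses are hypothetical.

# ---- raddb/huntgroups ----
# Read by the preprocess module, which has to run in the authorize
# section before "files" so that Huntgroup-Name is already set on the
# request when the users file is evaluated.
switches-a   NAS-IP-Address == 192.0.2.10
switches-a   NAS-IP-Address == 192.0.2.11
switches-b   NAS-IP-Address == 192.0.2.20

# ---- raddb/users ----
# Group1 gets privilege level 15 only on the switches-a devices.
DEFAULT Huntgroup-Name == "switches-a", Ldap-Group == "Group1"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

# Group2 gets privilege level 15 only on the switches-b devices.
DEFAULT Huntgroup-Name == "switches-b", Ldap-Group == "Group2"
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

# Requests from these switches that matched neither entry above are
# refused explicitly instead of falling through to a later DEFAULT.
DEFAULT Huntgroup-Name == "switches-a", Auth-Type := Reject
        Reply-Message = "Not authorized for this device"

DEFAULT Huntgroup-Name == "switches-b", Auth-Type := Reject
        Reply-Message = "Not authorized for this device"
```

Entries are matched top to bottom and stop at the first match without Fall-Through, so the per-huntgroup reject entries must come after the group entries.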