Martin Whinnery wrote:
> Now, I'd like to set up our switches to use radius to allow our
> technicians to login. And they are all members of an LDAP group. Let's
> call it "cn=techies,ou=groups,dc=example,dc=org". I only want this to be
> the case for some client devices, namely our switches.
>
> Can anyone point me towards the documentation I should have read?

The LDAP-Group attribute will check LDAP group membership.

http://wiki.freeradius.org/Rlm_ldap

You can put switches (or NASes) into groups via the Huntgroup. See raddb/huntgroups.

Then... combine them. In the "users" file:

    DEFAULT LDAP-Group == "techies", Huntgroup-Name != "some-switches", Auth-Type := Reject

(all on one line)

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
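
Added example, not part of the original message: a sketch of the two files the reply refers to, showing how NASes are assigned to the "some-switches" huntgroup by address and where the quoted entry goes. The NAS-IP-Address values are constructed placeholders from the 192.0.2.0/24 documentation range; the group and huntgroup names are the ones used in the reply.

```text
# raddb/huntgroups
# One line per NAS; several NASes can share one huntgroup name.
# Addresses below are constructed placeholders, replace with the
# management addresses your switches send as NAS-IP-Address.
some-switches   NAS-IP-Address == 192.0.2.11
some-switches   NAS-IP-Address == 192.0.2.12

# raddb/users
# Entry from the reply above. Check items must stay on a single line.
DEFAULT LDAP-Group == "techies", Huntgroup-Name != "some-switches", Auth-Type := Reject
```

Each switch must also be defined as a client in clients.conf with its own shared secret, and a rejected request can be traced in the output of `radiusd -X`, which prints each users-file entry that matched.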

