> so it would need to be set per IP address or range only for > the limits so that the other users in AD can be used for that
Have you thought about using huntgroups to group your NAS together and then authorize based upon Huntgroup-Name? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
