On 31.12.2011 16:35, Jens Weibler wrote:
> my solution
>
> users:
> DEFAULT Huntgroup-Name == "switches", Ldap-Group == "coolguys"
>         Tunnel-Type = VLAN,
>         Tunnel-Medium-Type = "IEEE-802",
>         Tunnel-Private-Group-ID = "1337"
>
> huntgroups:
> # Switch XY
> all NAS-IP-Address == X.Y.Z.131, NAS-Port >= 1,NAS-Port <= 30
> coolguys NAS-IP-Address == X.Y.Z.131, NAS-Port >= 31,NAS-Port <= 40

You pointed me in the right direction. My problem was that the LDAP module was instantiated after the files module (the one that processes the users file), so the checking never took place. I changed the ordering of the modules and all works fine :)

I modified your solution a little bit so I have a "deny" logic.

huntgroups:
access-points = NAS-IP-Address == X.Y.Z1.1, NAS-Port = 0
access-points = NAS-IP-Address == X.Y.Z2.1, NAS-Port = 0
access-points = NAS-IP-Address == X.Y.Z3.1, NAS-Port = 0

users:
DEFAULT Huntgroup-Name == "access-points", Ldap-Group != "Wireless", Auth-Type := Reject

