Hi, > I have 4 NAS-IP-Addresses. > > My users are split into 6 groups (some are in multiple > groups): public, faculty, staff, student, vpn, and admin. > > I would like the users to get access to the NAS by virtue of > being in a group. > > 192.168.1.1 > admin > 192.168.1.2 > vpn > 192.168.1.3 & 192.168.1.4 > faculty, staff, student & public
To make group of NASes use the huntgroup file, for instance: firstnas NAS-IP-Address == 192.168.1.1 ... lastnas NAS-IP-Address == 192.168.1.3 lastnas NAS-IP-Address == 192.168.1.4 Then define your LDAP server in radiusd.conf Then use the users file to make your rules such as: DEFAULT Huntgroup-Name == firstnas, Ldap-Group == admin Reply-Message = "XXX" Fall-Through = no For more info see: /usr/share/doc/freeradius/rlm_ldap /usr/share/doc/freeradius/ldap_howto.txt HTH, Thibault - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html