Re: Multiple Huntgroups for one User? 2nd Try
[EMAIL PROTECTED] schrieb: huntgroups file: pool3 NAS-IP-Address == NAS1IPAddress pool3 NAS-IP-Address == NAS2IPAddress pool3 NAS-IP-Address == NAS3IPAddress DEFAULT Huntgroup-Name == pool3, User-Name == user2, Auth-Type := Reject in users file. Huntgroups *are* what you refer to as hostpools. Ivan Kalik Kalik Informatika ISP You're right with the hostpools... %) Maybe this will more exactly explain my question: I have 4 groups of users: Admins (which are allowed to access all hosts) - okay quite easy, simply no huntgroup FW-Admins (which are allowed to access only FW-IPs) - easy too, huntgroup FW-IPs RTR-Admins (which are allowed to access all CPE-IPs) - difficult (big net) so I want to use REGEX wildcards, which unfortunatly covers the FW-IPs Apprentice (which are allowed to access only TEST-IPs) - again easy, huntgroup TEST-IPs So what I want is something like in an example 10.0.0.0/16 net (with aprox.: 400-500 Devices in this Range) ... huntgroups: FW-IPs NAS-IP-Address == 10.0.0.1 FW-IPs NAS-IP-Address == 10.0.0.2 FW-IPs NAS-IP-Address == 10.0.0.3 CPE-IPs NAS-IP-Address =~ '10\.0\..*\..*' TEST-IPs NAS-IP-Address == 10.0.255.1 TEST-IPs NAS-IP-Address == 10.0.255.2 TEST-IPs NAS-IP-Address == 10.0.255.3 users: anderson Huntgroup-Name == CPE-IPs, Huntgroup-Name != FW-IPs (Is this possible ?!?) - for a user who should access all the 10.0.0.0/16 net except the FW IP's. smith Huntgroup-Name == TEST-IPs - a simple apprentice entry and so on ... Any ideas? Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Multiple Huntgroups for one User? 2nd Try
RTR-Admins (which are allowed to access all CPE-IPs) - difficult (big net) so I want to use REGEX wildcards, which unfortunatly covers the FW-IPs huntgroups: FW-IPs NAS-IP-Address == 10.0.0.1 FW-IPs NAS-IP-Address == 10.0.0.2 FW-IPs NAS-IP-Address == 10.0.0.3 CPE-IPs NAS-IP-Address =~ '10\.0\..*\..*' TEST-IPs NAS-IP-Address == 10.0.255.1 TEST-IPs NAS-IP-Address == 10.0.255.2 TEST-IPs NAS-IP-Address == 10.0.255.3 users: anderson Huntgroup-Name == CPE-IPs, Huntgroup-Name != FW-IPs (Is this possible ?!?) - for a user who should access all the 10.0.0.0/16 net except the FW IP's. No. Do this: anderson Huntgroup-Name == FW-IPs, Auth-Type:=Reject ( it will cut down processing) This is an example when you should set Auth-Type. CPE huntgroup includes all others so can do away with it. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Multiple Huntgroups for one User? 2nd Try
2nd Try, just in case my 1st message was not recognized ;-) Hi Freeradius-List, is it possible to give/deny access to multiple huntgroups for a single user/group? E.g.: User/group is denied to access hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3 but is allowed to access all the other hosts in 10.0.0.0/24. Something like hostpools would be nice (e.g.: user/group1 can access pool1, pool2 and pool3. user2 can access pools 1+2 but is denied to access pool3). Thanks in advance, Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Multiple Huntgroups for one User? 2nd Try
huntgroups file: pool3 NAS-IP-Address == NAS1IPAddress pool3 NAS-IP-Address == NAS2IPAddress pool3 NAS-IP-Address == NAS3IPAddress DEFAULT Huntgroup-Name == pool3, User-Name == user2, Auth-Type := Reject in users file. Huntgroups *are* what you refer to as hostpools. Ivan Kalik Kalik Informatika ISP Dana 14/9/2007, Alexander Papenburg [EMAIL PROTECTED] piše: 2nd Try, just in case my 1st message was not recognized ;-) Hi Freeradius-List, is it possible to give/deny access to multiple huntgroups for a single user/group? E.g.: User/group is denied to access hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3 but is allowed to access all the other hosts in 10.0.0.0/24. Something like hostpools would be nice (e.g.: user/group1 can access pool1, pool2 and pool3. user2 can access pools 1+2 but is denied to access pool3). Thanks in advance, Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Multiple Huntgroups for one User?
Hi Freeradius-List, is it possible to give/deny access to multiple huntgroups for a single user/group? E.g.: User/group is denied to access hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3 but is allowed to access all the other hosts in 10.0.0.0/24. Something like hostpools would be nice (e.g.: user/group1 can access pool1, pool2 and pool3. user2 can access pools 1+2 but is denied to access pool3). Thanks in advance, Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html