Hello all,

I'm a n00b to freeradius-0.5 and RADIUS in general. I've tried looking
through the archives but have not been able to find an answer to this
question. I want to use RADIUS strictly for centralized AAA of network
elements like routers, switches, etc., not for access servers or controlling
dialup users. Someone please let me know if I'm going down the wrong track. To
the point now...

I want to limit access to different groups of devices to certain groups of
users. I thought I could accomplish this via huntgroups, but it does not seem
to be working as consistently as I would expect. Below is a conceptual
configuration of my 'users' and 'huntgroups' configuration files. Any help
or guidance would be greatly appreciated!

<--sample huntgroups config-->
core-routers NAS-IP-Address == 172.16.140.50
core-routers NAS-IP-Address == 172.16.140.60
core-routers NAS-IP-Address == 172.16.140.80
core-routers NAS-IP-Address == 172.16.140.90
core-routers NAS-IP-Address == 172.16.140.100
border-routers NAS-IP-Address == 192.168.1.76
border-routers NAS-IP-Address == 192.168.1.77
border-routers NAS-IP-Address == 192.168.1.78
border-routers NAS-IP-Address == 192.168.1.79
border-routers NAS-IP-Address == 192.168.1.82
border-switches NAS-IP-Address == 172.17.30.10
border-switches NAS-IP-Address == 172.17.30.11
border-switches NAS-IP-Address == 172.17.30.12
border-switches NAS-IP-Address == 172.17.30.13
border-switches NAS-IP-Address == 172.17.30.14
<--/sample huntgroups config-->
<--sample users config-->
bobjones Auth-Type := System
    Huntgroup-Name == "core-routers",
    Huntgroup-Name == "border-routers"
billsmith Auth-Type := System
    Huntgroup-Name == "border-switches",
    Huntgroup-Name == "border-routers"
johndoe Auth-Type := System
    Huntgroup-Name == "core-routers"
freddavis Auth-Type := System
    Huntgroup-Name == "border-routers"
<--/sample users config-->