[EMAIL PROTECTED] (Rens Houben) wrote:
>       For some time now I have -- fairly successfully -- been using
> FreeRADIUS on the ADSL router my employers own. So successfully, in
> fact, that they've asked me to look into replacing their current /other/
> RADIUS server (an unspecified piece of excreta running on Windows NT)

  <g>

>       The company I work for has two separate dial-in services: one at
> the office, the other on location elsewhere. They have different
> userbases, and users from one group are not allowed to dial into the
> other router. Right now this is done by running two separate RADIUS
> servers on two separate machines, which is not exactly optimal.

  You can run both on one machine, with different ports.  It's not
perfect, though.

> My question, then, is: Is there a reply field (I'm using MySQL as backend,
> so I'd like to add it in radgroupreply) that restricts a username to one
> client (from the ones listed in clients.conf) and that one client only?

  See the 'huntgroups' file:

#------
userbase1       Client-IP-Address = 1.2.3.4, Client-IP-Address = 1.2.3.5
                Group = userbase1

userbase2       Client-IP-Address = 2.3.4.5, Client-IP-Address = 2.3.4.6
                Group = userbase2
#---

  Users in group "userbase1" can only log in from the listed clients.
The same goes for "userbase2".

  Now that you've limited the clients where they can log in, you can
put both user bases into one SQL database, and key off of the
"Huntgroup-Name" attribute, which will be set to "userbase1", or to
"userbase2", from the first word of each entry in the 'huntgroups'
file.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
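
The two-step decision described in the reply above (client address to Huntgroup-Name, then a per-user check keyed on that name in one shared database), as an added example that is not part of the original post and is not FreeRADIUS code. The table is a simplified stand-in modelled on a radcheck-style layout; the users "alice" and "bob", the helper names, and the default-deny behaviour for unlisted clients are assumptions of this model.

```python
import ipaddress
import sqlite3

# Constructed model of the 'huntgroups' entries above: name -> listed clients.
HUNTGROUPS = {
    "userbase1": {"1.2.3.4", "1.2.3.5"},
    "userbase2": {"2.3.4.5", "2.3.4.6"},
}


def huntgroup_for(client_ip):
    """Return the Huntgroup-Name for a client address, or None if unlisted."""
    try:
        addr = str(ipaddress.ip_address(client_ip))  # normalise the address
    except ValueError:
        return None  # malformed address never matches a huntgroup
    for name, clients in HUNTGROUPS.items():
        if addr in clients:
            return name
    return None


def build_db():
    """One database holding both user bases (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radcheck "
        "(username TEXT, attribute TEXT, op TEXT, value TEXT)"
    )
    db.executemany("INSERT INTO radcheck VALUES (?, ?, ?, ?)", [
        ("alice", "Huntgroup-Name", "==", "userbase1"),
        ("bob", "Huntgroup-Name", "==", "userbase2"),
    ])
    return db


def may_log_in(db, username, client_ip):
    """True only if the user's Huntgroup-Name check matches the client's."""
    huntgroup = huntgroup_for(client_ip)
    if huntgroup is None:
        return False  # assumption: unlisted clients are denied
    row = db.execute(
        "SELECT 1 FROM radcheck WHERE username = ? "
        "AND attribute = 'Huntgroup-Name' AND op = '==' AND value = ?",
        (username, huntgroup),
    ).fetchone()
    return row is not None  # users with no matching check row are denied
```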