Dustin Doris wrote:
Yes I know, because I want the premium people to be able to login at every server, (serverA and serverB).Dustin Doris wrote:
Hi,
how can i manage to accept two kind of users: the first: premium, may login from serverA and serverB the second: normal, may only login from serverB
I thought to manage this by huntgroup-file: ################################ huntgroup-file:
premium NAS-IP-Address == serverA premium NAS-IP-Address == serverB * *normal NAS-IP-Address == serverB ################################
But with this configuration only the premium user can login from serverB, the normal users are denied!!
Good start, but what's in your users file? There is more to it, the huntgroup file only defines what is a huntgroup. Something else (such as the users file) will define what to do if someone is in that huntgroup.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The users file looks like that: user1 Auth-Type := PAP, Crypt-Password == "XXXXXXX", Huntgroup-Name == premium Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.0, Framed-IP-Address = 10.10.11.11
user2 Auth-Type := PAP, Crypt-Password == "YYYYYYY", Huntgroup-Name == normal Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.0, Framed-IP-Address = 10.10.10.11
and user1 is allowed to login, but user2 is denied, also both login from serverB. I am using Freeradius 1.0.1.
You have serverB in both huntgroups. The first one that matches will be used. Therefore, serverB will only be in the premium huntgroup.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Looking into the huntfile comming with the sourcecode, the server 192.168.2.5 is in both huntgroups (alphen and business) as well!
I thought the procedure is like that:
The request is arriving, first the username is looked up, then (if) the huntgroup is searched inthe huntgroupe file.
If the huntgroup is found, the IP-Address must match!!
But this looks like if a huntgroup is set, radius is looking for the NAS-IP-Address in the huntgroup file and the first matching IP-Address is taken, and therefore the depending huntgroup!!!
So how can I then manage to have two groups, where the normal users may login from some NAS and the premium users may login from the same and some more!!
thanks florian
-- -------------------------------------------------------------- Dipl. Inf. Florian Prester Network Administration Regionales RechenZentrum Erlangen Universitaet Erlangen-Nuernberg Germany
Tel.: +499131 8527813
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html