We have the following szenario, in which i got a problem: We use huntgroups to allocate different types of dialins (isdn, dsl, and so on). So we have a huntgroups File which looks similar to this:
xDSL NAS-IP-Address == 1.1.1.1 xDSL NAS-IP-Address == 1.1.1.2 xDSL NAS-IP-Address == 1.1.1.3 Wireless-802.11 NAS-IP-Address == 1.1.2.1 Wireless-802.11 NAS-IP-Address == 1.1.2.2 Wireless-802.11 NAS-IP-Address == 1.1.2.3 and so on. Access is huntgroup based, and via Calling-Station-Id or NAS-Port-Type attributes and so on. Now, we tried to make special groups for admin access on different servers. So we added some groups like AdminA NAS-IP-Address == 1.1.1.1 AdminA NAS-IP-Address == 1.1.2.1 AdminB NAS-IP-Address == 1.1.1.3 AdminB NAS-IP-Address == 1.1.2.3 and so on. Reason was to get a radius based way which admin (group) will be allowed to get access on which NAS (additional to other restrictions). Now, it doesn't work. As I checked out, it doesn't work when an ip address of a NAS was within the huntgroups file earlier for another group. So my question: is it ok not to build different huntgroups which contains in some cases servers with the same ip address ? Or other questioned - why ? That would be a nice feature. Ok, not an daily configuration scheme, but it would help to do some access restriction things. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html