"Min Qiu" <[EMAIL PROTECTED]> writes: > I would like to restrict user login by NAS-IP-address or > fqdn if possible. Therefore I can restrict user to login > a group of devices. > > user1 Auth-Type := Local, User-Password == "sceret", > NAS-IP-address =="10.1.2.0/24"
Using a regexp is just as easy when you just need to restrict it on the byte boundaries: user1 Auth-Type := Local, User-Password == "sceret", NAS-IP-address =~ "^10\.1\.2\." Hmm, the manual says that the regex operators may only be applied to string attributes. But I believe it works on IP addresses too, doesn't it? You might want to check out "huntgroups" in any case. See doc/README and the sample raddb/huntgroups file. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html