Hi,
I want to restrict access for particular access points based on a user name.
So a particular user can be authenticated on several access points (through a
single FreeRADIUS server) but should be denied access on others.
I have been reading around, and I think that the way to approach this is
through the use of huntgroups. I am not sure what changes need to be
incorporated to make this work properly.
I am running FreeRADIUS 1.1.2, and am using MySQL 5 as a backend.
Here is what I have started with.
I set up an entry in the huntgroups file something like this:
    groupname1    NAS-IP-Address == 192.168.2.3
                  Group = firstgroup
Then, in my database, I would need the following entries in the following
tables:
    -- radcheck --
    id  UserName  Attribute       Value       Op
    1   test      Password        testp       ==
    2   test      Huntgroup-Name  groupname1  ==

    -- usergroup --
    id  UserName  GroupName
    1   test      firstgroup
Is this all that needs to be done? The goal here is to allow user "test" to be
authenticated when he tries to connect from the NAS with IP address
192.168.2.3. If he tries to be authenticated through another NAS, then it
should be rejected.
My other question is if I want user "test" to now be allowed to authenticate
through another NAS (in addition to the previous one), what needs to be done?
I would think that I would need to make another entry for the second NAS in the
huntgroups file (giving a Group = secondgroup key-value pair), and then make
another entry in the usergroup table with UserName "test" and GroupName
"secondgroup".
If I am way off, other suggestions would also be greatly appreciated.
Thanks,
Simon
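
A simplified Python model of the access decision described in the message above, added here as an example; it is not FreeRADIUS code and not part of the original post. It assumes a huntgroup name may be listed on several huntgroups lines (one per NAS); the second NAS address 192.168.2.4 is constructed.

```python
import ipaddress

# Constructed sample in the "name NAS-IP-Address == ip" form from the post.
# The second NAS address (192.168.2.4) is made up for illustration.
HUNTGROUPS = """\
groupname1    NAS-IP-Address == 192.168.2.3
groupname1    NAS-IP-Address == 192.168.2.4
"""

# Constructed radcheck rows: (UserName, Attribute, Op, Value).
RADCHECK = [("test", "Huntgroup-Name", "==", "groupname1")]


def parse_huntgroups(text):
    """Return {huntgroup name: set of NAS addresses} from huntgroups-style lines."""
    groups = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4 or parts[1:3] != ["NAS-IP-Address", "=="]:
            raise ValueError(f"unsupported huntgroups line: {raw!r}")
        groups.setdefault(parts[0], set()).add(ipaddress.ip_address(parts[3]))
    return groups


def nas_allowed(user, nas_ip, groups, radcheck):
    """True if the NAS satisfies every Huntgroup-Name check row for `user`.

    Assumption of this model: a user with no such row is not restricted by NAS.
    """
    nas = ipaddress.ip_address(nas_ip)
    for name, attr, op, value in radcheck:
        if name != user or attr != "Huntgroup-Name":
            continue
        if op != "==":
            raise ValueError(f"unsupported operator: {op!r}")
        # An unknown huntgroup name matches no NAS, so the check fails closed.
        if nas not in groups.get(value, set()):
            return False
    return True


if __name__ == "__main__":
    groups = parse_huntgroups(HUNTGROUPS)
    for ip in ("192.168.2.3", "192.168.2.4", "192.168.2.9"):
        print(ip, "accept" if nas_allowed("test", ip, groups, RADCHECK) else "reject")
```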