You group devices in huntgroups and users in groups and than regulate access. If a user/group should have access only to a group of devices you add that Huntgroup-Name to the profile. If user/group should have access only to a single device you add that device NAS-IP-Address to the profile.
Doing it all in ldap is much more complicated. Ivan Kalik Kalik Informatika ISP Dana 24/3/2008, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> piše: >Anyone? > >by the way, my freeradius version is 2.0.2 > >> Hello all, >> >> I want to know if this kind of answer by RADIUS is possible: >> I need to authenticate some users for the switches in my network (all from >> 3com) and the users don't have the same access level in all switches, for >> example, the user1 has admin access level in SWITCH1 and don't have access >> for SWITCH2, but the user2 has admin access to both of them. >> >> I have a working configuration where a user have the same access level for >> all switches and in this way I have a LDAP base like this: >> uid = user1 >> userPassword = teste >> 3Com-User-Access-Level = 3Com-Administrator >> >> I was thinking about change the configuration of my LDAP database creating >> a child fo each switch that the user has access and in this subtree put >> the level of access, making the LDAP base 'appear' like this: >> uid = user1 >> userPassword = teste >> / \ >> cn = SWITCH1 cn = SWITCH2 ....... >> 3com-level = admin 3com-level = level ....... >> >> Is this a good way of doing this? There are another ways? Using this way >> how can I put the right answer in RADIUS reply? >> >> Thanks >> Julio Andrade >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html