t...@kalik.net wrote:
Now I have NAS-Identifier attribute in group table, but it is ignored and
the user can connect from different NAS.
That's how sql groups work. If the group check doesn't match - group is
ignored. User is not rejected. If you wan't to force this use unlang or
hungroups (or users) file.
I recently posted a howto explaining how to implement huntgroups in SQL
using unlang in 2.x, look in the mail archives. It also illustrates how
to use the SQL huntgroups to control logon access based on the NAS.
Perhaps I should put this on the wiki.
--
John Dennis <jden...@redhat.com>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
