>I'm setting up a freeradius configuration for authenticating users on a >number of technologies (pix, nokia, ...). Users accounts are stored in a >backend OpenLDAP. > >I'm willing to allow users to authenticate to specific machines, that I >would like to choose and administrer from the accounts on the LDAP server >(in a centralized manner). > >Is this possible, and how could I implement it?
Create a huntgroup with IPs of the machines from which administartors can log in. Then add to users file: DEFAULT Ldap-Group = admin_group,Huntgroup-Name != whatever, Auth-Type := Reject Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html