Hi all, I use Freeradius 1.1.7 (yes, sorry I know it is a little bit old but there is no time to upgrade :(
I want that the requests from some servers are checked and authenticated through LDAP-Groups for example Requests from IP x.x.x.x should be authenticate only if the user is in ldap-group employee, tha same for IP y.y.y.y . Then I have some other servers with requests that don't need LDAP authorisation. I used the Huntgroups to define the first two servers als huntgroup "testldap" and the rest as huntgroup "all". That functions great for IP Addresses. The list ist long, but still ok. Only if I want to do that for network of clients this doesn't work. The problem is that I must list all of the servers that should gain access and I have a lot of PC-Pools which use radius to authenticate. In the client.conf they are written with the network addresses, that doesn't work in huntgroups file. I don't want to list all of the PC-Pool members in the Huntgroups because there are too many... Does Huntgroup support only IP-Addresses or I can fill up Network Addresses too? Or there is another workaround? Or maybe this issue is already changed in the new version 2.3.1? users -------- DEFAULT Huntgroup-Name==testldap, Ldap-Group == employee, Auth-Type := Pam Fall-Through = no DEFAULT Huntgroup-Name==all, Auth-Type := Pam Fall-Through = no DEFAULT Auth-Type := Reject Reply-Message = "Please call the helpdesk." huntgroups ----------------- #Test LDAP testldap NAS-IP-Address == x.x.x.x testldap NAS-IP-Address == y.y.y.y #All Users all NAS-IP-Address == a.a.a.a .... all NAS-IP-Address == z.z.z.z/26 Greets, Meyes - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html