Hello freeradius-users, In many cases, when there is no attributes in request to differenciate the kind of NAS and if we need to build a reply with NAS-Dependant (AVPAIR) attributes, the only solution is to affect the huntgroup by checking again the NAS-IP-Address in preprocessing.
I would like to know if there is anyway to create a private attribute in clients.conf to assign NAS type for Huntgroup selection ? I made some checks but My-Nas-Type variable does not seems to be accessible from within huntgroups as a checkItem. As we have to manage more than 1000 various NAS, the idea is to have a configured value in clients.conf to distinguish between different kinds/manufacturers/models of NAS, to avoid later NAS-IP-Address check again (it's already done in clients.conf) in Huntgroups, and to be able to assign the HuntGroup by testing this private attribute. For example : dictionnary : ATTRIBUTE My-Nas-Type 3000 string clients.conf : client c1 { ipaddress = 10.1.1.1 My-Nas-Type = cisco nastype = cisco } client c2 { ipaddress = 10.1.1.2 My-Nas-Type = cisco nastype = cisco } client c3 { ipaddress = 10.2.2.2 My-Nas-Type = netscreen nastype = other } client c4 { ipaddress = 10.3.3.3 My-Nas-Type = provider1 nastype = other } huntgroups : cisco Service-Type == Login-User, My-Nas-Type == "cisco" netscreen Service-Type == Login-User, My-Nas-Type == netscreen provider1 Service-Type == Login-User, My-Nas-Type == "provider1" ciscoByIP NAS-IP-Address == 10.1.1.1, Service-Type == Login-User ciscoByIP NAS-IP-Address == 10.1.1.2, Service-Type == Login-User netscreenByIP NAS-IP-Address == 10.2.2.2, Service-Type == Login-User p1ByIP NAS-IP-Address == 10.3.3.3, Service-Type == Login-User .... users : DEFAULT Huntgroup-Name == ciscogrp, Ldap-Group == "CiscoRW" Cisco-AVPair := "shell:priv-lvl=15" DEFAULT Huntgroup-Name == netscreen Ldap-Group == "All-Admin-RW" NS-Admin-Privilege = "All-VSYS-Root-Admin" DEFAULT Huntgroup-Name == provider1 Ldap-Group == "P1RW" #Old config DEFAULT Huntgroup-Name == ciscoByIP, Ldap-Group == "CiscoRW" DEFAULT Huntgroup-Name == netscreenByIP, Ldap-Group == "All-Admin-RW" DEFAULT Huntgroup-Name == p1ByIP, Ldap-Group == "P1RW" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html