I have a variety of Cisco devices that require mutually incompatible values in a certain RADIUS attribute, Cisco-AVPair. The way I have dealt with this in the past is with huntgroups -- I assign our engineer group on huntgroup1 to have Cisco-AVPair set to shell:roles=network-admin, while by default, the engineer group gets shell:priv-lvl=15. So far, so good. Problem is that we have another new kind of Cisco device that achieves engineer read-write with Cisco-AVPair set to shell:roles*admin. I figured that I would just set up another huntgroup, but this device apparently also doesn't set NAS-IP-Address or NAS-Identifier, so the usual huntgroup mechanism doesn't work.
My production environment currently uses Cistron. But I'm planning to switch to freeradius. Unfortunately, it looks to me like the same issue applies to freeradius. Help? Is there any way to make a distinction between devices in the config without using huntgroups based on NAS-IP-Address or NAS-Identifier? Thanks! [I sent a very similar message to the cistron mailing list, BTW. I'm looking for a solution for either program.] - Morty - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html