Il 04/04/2012 12:49, Andres Septer ha scritto: > OK, I achieved my goal to get freeradius authenticate via mschap > challenge-response and authorize via LDAP search. > I's working, though, I'm not sure, that I'm doing it right. This "solution" > works only with one group (my example, VPNusers). I think it is not > expandable to the scenario like: > > "authorize user when it belongs to the group VPNusers > autohorize user when it comes form IP of some WiFi access point disregarding > any groups" Why not setting the group to check membership of in a variable based on the NAS sending the request? Or, maybe, by using huntgroups (not sure... still have to understand 'em fully).
BYtE, Diego. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html