Re: restrict login based on nas
This is a discussion on Re: restrict login based on nas within the FreeRADIUS Users forums, part of the Networking and Network Related category; Marcin Jessa wrote: >Hi. > >This can be done with hungroups or realms. >I use RouterOS as ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-17-2005
|
|||
|
|||
Re: restrict login based on nas
Marcin Jessa wrote:
>Hi. > >This can be done with hungroups or realms. >I use RouterOS as my NAS which has a Mikrotik-Realm Attribute. >If user's Mikrotik-Realm stored in radcheck differs from the one configured on the NAS, the user gets rejected. >This way each user can have separate realm value stored in SQL matching the realm of the NAS. > > So.. how would that work in a situation as follows: Realms: Local = myisp Roaming = globalisp Usergroups: Default = dynamic Roaming = roaming Now these are the rules .. in simple if statements if (realm == myisp) { if (usergroup == dynamic) { auth-type = accept; } else if (usergroup == roaming) { auth-type = reject; } } else if (realm == globalisp) { if (usergroup == dynamic || usergroup == roaming) { auth-type = accept; } } So how then do I specify that which NAS is in which realm? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 
|
Linear Mode
