help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] grouping and pool address

From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] grouping and pool address
Date: Fri, 14 Apr 2006 09:54:09 EEST 
address@hidden wrote:

> Actually we have three offices and want to do grouping
> based on those offices.
> Because I want to set different access rules on another firewall box
> for each office users. So I need to assign IP address from three different
> subnet pool addresses for those three offices.
> In additional we know which account belongs to which office.

Then the solution is to bind each user to a specific group by his
username. Since you prefer to do this in plaintext radius configs (which
is ok if for the small number of users), here's a short roadmap:

1. For each user add to your raddb/hints the following record:

<username>  NULL     Hint = <groupname>

where <username> is this user name and <groupname> is the name of the
group he/she belogns to.  For example, following your raddb/users
fragment:

test1   NULL    Hint = Group1
test2   NULL    Hint = Group1

test3   NULL    Hint = Group2
test4   NULL    Hint = Group2

test5   NULL    Hint = Group3
test6   NULL    Hint = Group3

2. To the beginning of your raddb/users add following entries (it is
   important that they be placed before any actual user entries):

BEGIN   NULL
        Match-Profile = "IPPOOL",
                Fall-Through = Yes

IPPOOL  Hint = Group1
        Framed-IP-Address = 192.168.1.1+,
                Framed-IP-Netmask = 255.255.255.255

IPPOOL  Hint = Group2
        Framed-IP-Address = 192.168.1.65+,
                Framed-IP-Netmask = 255.255.255.255

IPPOOL  Hint = Group3
        Framed-IP-Address = 192.168.1.129+,
                Framed-IP-Netmask = 255.255.255.255


Regards,
Sergey
reply via email to
[Prev in Thread] Current Thread [Next in Thread]