limiting user access

simon at 434canada.com simon at 434canada.com
Wed Aug 2 21:11:35 CEST 2006


>> Ok, I think I am getting closer.  I have defined a new passwd module >>like so:
>> 
>> passwd nas_group {
>>   filename = ${raddbdir}/nas_group
>>   format = "*NAS-IP-Address:,User-Name"
>> }

>  Thet creates a username by NAS IP address, I think... you don't want
>to do that.
>
>  See the "man" page for rlm_passwd.  It says to create a group
>attribute for a reason.
>
>  Alan DeKok.

OK, yes, I realize that was creating a user name.  So if I change that format line to have a Group attribute instead of User-Name, then I have a Group being created by NAS-IP-Address.  I still don't get how I can test to make sure that the user is part of this group.  I have tried adding the group name to the usergroup table, but whether or not this value is correct (corresponds to the value in the nas_group file) or is even present doesn't make a difference.  The user is always getting authenticated.  Where does the logic need to lie to check that the user is a part of the named group?

Simon



More information about the Freeradius-Users mailing list