5 Oct
2009
5 Oct
'09
2:38 a.m.
Bob Franklin wrote:
The way I can see to do this is allow clients to submit requests with a custom local attribute (e.g. 'UCam-Requested-Service'). If this attribute were present, we would fail the authentication if the user was not a member of the appropriate group (but otherwise authenticated OK).
That's pretty much the best way to do it. The rest of RADIUS works like this. See "Service-Type" for an attribute that requests different kinds of service. Alan DeKok.