You should do something like: DEFAULT Group == "enabled", Auth-Type := System # And the last line in your users file have: DEFAULT Auth-Type := Reject That way if it doesn't match to anything, return reject. On Thu, Sep 30, 2010 at 8:31 AM, Sid Stuart <sid@meez.com> wrote:
We would like to configure authentication using the Unix module. We would also like to have a white-list based on a group in /etc/group.
We created an entry in the /etc/raddb/users file that looks like,
DEFAULT Group == "enabled", Auth-Type := System
Unfortunately, this passes all users with a valid account through, even when they are not listed in the group.
We can set up a blacklist with
DEFAULT Group == "disabled", Auth-Type := Reject Reply-Message = "Your account has been disabled."
DEFAULT Auth-type := System
but would prefer a white-list approach. Does anyone know how to do this?
Sid
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html