Hi, Ok, I think I am getting closer. I have defined a new passwd module like so: passwd nas_group { filename = ${raddbdir}/nas_group format = "*NAS-IP-Address:,User-Name" } I have also added a call to nas_group in the authorize section, directly after preprocess: nas_group { notfound = reject } In my nas_group file, i have the following: 255.255.255.255:test_user When I test this out with radtest, I get success no matter what, with whatever user(s) are listed behind the NAS-IP-Address being "added to config_items". What I want though, is to make sure that the user name coming in is listed in the nas_group file after the NAS-IP-Address entry. If it is there, then the password should just be checked against the username, but if the user name is not associated with this NAS-IP-Address, then the attempt should be rejected. So how do I get the rlm_passwd module to check the list of user names against the user name in the incoming request? Thanks, Simon
simon@434canada.com wrote:
Ok, I think I am getting closer. I have defined a new passwd module like so:
passwd nas_group { filename = ${raddbdir}/nas_group format = "*NAS-IP-Address:,User-Name" }
Thet creates a username by NAS IP address, I think... you don't want to do that. See the "man" page for rlm_passwd. It says to create a group attribute for a reason. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
simon@434canada.com