limiting user access

simon at simon at
Wed Aug 2 20:39:44 CEST 2006


Ok, I think I am getting closer.  I have defined a new passwd module like so:

passwd nas_group {
  filename = ${raddbdir}/nas_group
  format = "*NAS-IP-Address:,User-Name"
}

I have also added a call to nas_group in the authorize section, directly after preprocess:

nas_group {
  notfound = reject
}

In my nas_group file, I have the following:

When I test this out with radtest, I get success no matter what, with whatever user(s) are listed behind the NAS-IP-Address being "added to config_items".  What I want though, is to make sure that the user name coming in is listed in the nas_group file after the NAS-IP-Address entry.  If it is there, then the password should just be checked against the username, but if the user name is not associated with this NAS-IP-Address, then the attempt should be rejected. So how do I get the rlm_passwd module to check the list of user names against the user name in the incoming request?


