limiting user access
simon at 434canada.com
simon at 434canada.com
Wed Aug 2 20:39:44 CEST 2006
Hi,
Ok, I think I am getting closer. I have defined a new passwd module like so:
passwd nas_group {
filename = ${raddbdir}/nas_group
format = "*NAS-IP-Address:,User-Name"
}
I have also added a call to nas_group in the authorize section, directly after preprocess:
nas_group {
notfound = reject
}
In my nas_group file, i have the following:
255.255.255.255:test_user
When I test this out with radtest, I get success no matter what, with whatever user(s) are listed behind the NAS-IP-Address being "added to config_items". What I want though, is to make sure that the user name coming in is listed in the nas_group file after the NAS-IP-Address entry. If it is there, then the password should just be checked against the username, but if the user name is not associated with this NAS-IP-Address, then the attempt should be rejected. So how do I get the rlm_passwd module to check the list of user names against the user name in the incoming request?
Thanks,
Simon
More information about the Freeradius-Users
mailing list