limiting user access
simon at 434canada.com
simon at 434canada.com
Wed Aug 2 21:11:35 CEST 2006
>> Ok, I think I am getting closer. I have defined a new passwd module >>like so:
>>
>> passwd nas_group {
>> filename = ${raddbdir}/nas_group
>> format = "*NAS-IP-Address:,User-Name"
>> }
> Thet creates a username by NAS IP address, I think... you don't want
>to do that.
>
> See the "man" page for rlm_passwd. It says to create a group
>attribute for a reason.
>
> Alan DeKok.
OK, yes, I realize that was creating a user name. So if I change that format line to have a Group attribute instead of User-Name, then I have a Group being created by NAS-IP-Address. I still don't get how I can test to make sure that the user is part of this group. I have tried adding the group name to the usergroup table, but whether or not this value is correct (corresponds to the value in the nas_group file) or is even present doesn't make a difference. The user is always getting authenticated. Where does the logic need to lie to check that the user is a part of the named group?
Simon
More information about the Freeradius-Users
mailing list