on the right track?

Alan DeKok aland at ox.org
Wed Feb 22 18:03:54 CET 2006


mbjohn at duke.edu wrote:
> We have a Cisco AS5300 terminal server that already uses freeradius w/
> kerberos to authenticate users.  We would like to take that a step further
> and use freeradius to limit usage time based on the user name (certain
> users are allowed 8hrs while all others are given 15min).

  I'd suggest using rlm_passwd.  The "man" page has an example of
creating groups based on users.  You can then key off of the NAS IP &&
the group to limit connection times.

  That gives you a minimal config: 2 group files, and two entries in
the "users" file.

  Alan DeKok.



More information about the Freeradius-Users mailing list