User restriction

Frederick William Borges Pohl frederick.pohl at oi.net.br
Wed Aug 6 22:54:26 CEST 2008 

Thanks again, Alan.

Radius is now running and working fine.

I tested it using radtest 

"radtest fpohl <password> localhost 1812 <password>"

and I got an OK result

"rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=162, length=20"

My question is now regarding users.

The user fpohl is a regular Unix user I created with useradd but it does not belong to the same group as radiusd.

It is configured as follow:

fpohl:x:1000:110:Fred:/home/fpohl:/bin/bash
radiusd:x:107:109:Radius daemon:/var/lib/radiusd:/bin/false

ns1:~ # id fpohl
uid=1000(fpohl) gid=110 groups=110,16(dialout),33(video)
ns1:~ # id radiusd
uid=107(radiusd) gid=109(radiusd) groups=109(radiusd)

How can I configure freeradius to only accept connections from users that belong to the same groups as radiusd?

What I really need is to not allow all unix users to be a radius client, only the ones that belong to a specific group.

If my questions are too basic and there are documents on the web that can help new users like me, please show me the way.


Frederick Pohl

-----Mensagem original-----
De: freeradius-users-bounces+frederick.pohl=oi.net.br at lists.freeradius.org [mailto:freeradius-users-bounces+frederick.pohl=oi.net.br at lists.freeradius.org] Em nome de A.L.M.Buxey at lboro.ac.uk
Enviada em: terça-feira, 5 de agosto de 2008 13:48
Para: FreeRadius users mailing list
Assunto: Re: RES: Installation problem

Hi,

> 
> After running /sbin/ldconfig -v , I was able to execute radiusd.
> 
> The only weird thing is that the daemon is not showing when I type ps aux.
> 
> Even after running /usr/sbin/radiusd, nothing happens.

yep - at this point you run

radiusd -X


to see whats wrong


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Esta mensagem, incluindo seus anexos, pode conter informações privilegiadas e/ou de caráter confidencial, não podendo ser retransmitida sem autorização do remetente. Se você não é o destinatário ou pessoa autorizada a recebê-la, informamos que o seu uso, divulgação, cópia ou arquivamento são proibidos. Portanto, se você recebeu esta mensagem por engano, por favor, nos informe respondendo imediatamente a este e-mail e em seguida apague-a.

More information about the Freeradius-Users mailing list