Unix group authentication
Alan DeKok
aland at deployingradius.com
Tue Mar 18 22:30:29 CET 2008
Shawn Storey wrote:
> I have compiled and installed successfully FreeRADIUS2.0.3 on Debian
> (had to add a trailer to debian/changelog after the 2.0.3 section) and
> have setup EAP-TTLS for authenticating wireless users to UNIX accounts.
> What I would like to do is have FreeRADIUS check if the user is a member
> of the UNIX group "wireless" that I created and only allow members of
> that group to authenticate. Is this possible, and if so how?
Something similar is in the FAQ. Put this at the top of the "users" file:
DEFAULT Group != Wireless, Auth-Type := Reject
That's it.
> We are
> planning to migrate all of our servers to OpenLDAP in the summer, which
> we have tested successfully, but I was hoping to get FreeRADIUS to do
> this in the meantime.
You can't ask for much better than a 1-line change to a configuration
file.
Alan DeKok.
More information about the Freeradius-Users
mailing list