Restricting certain users access to certain NAS devices

Alan DeKok aland at deployingradius.com
Thu May 27 18:02:52 CEST 2010


Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
> Sorry, I should have mentioned I already tried man rlm_passwd and couldn't figure it out.
> I've been through it again and have made the following changes:
> 
> 1. created a file /etc/raddb/path_group
> path_group:user1,user2,user3,user4,user5
> 
> 2. Added the following to /etc/raddb/dictionary
> ATTRIBUTE       User_Group_Name         3003    string
> 
> 3. Added to modules/passwd
> filename = /etc/raddb/path_group
> hashsize = 20
> allowmultiplekeys = yes
> format = "~User_Group_Name:*,User-Name"
> 
> 4. Also edited modules/etc_group because I couldn't make out which file to put these items in
> passwd etc_group {
>         filename = /etc/raddb/path_group
>         format = "~User_Group_Name:*,User-Name"
>         hashsize = 50
>         ignorenislike = no
>         allowmultiplekeys = yes
>         delimiter = ":"
> }
> 
> 5. Inserted this into the post-auth section of sites-enabled/default
> 
> if ("%{User_Group_Name}" == path_group) {

  You should list "etc_group" in the post-auth section.  The module will
be loaded, and will add the User_Group_Name attribute.

> Debug output is:

  Which shows that the etc_group module isn't used when a packet is
received.

  Alan DeKok.
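A simplified Python model of how the `format` line quoted above maps `/etc/raddb/path_group` to attributes, showing what a request gains only when the `etc_group` instance is actually listed in the section being processed. This is an added example, not part of the original message and not FreeRADIUS code. The prefix meanings follow the rlm_passwd documentation as understood here, and the `admin_group` line is constructed.

```python
# Simplified model of rlm_passwd format handling (added example, not FreeRADIUS code).
# Constructed sample: the first line is the file from the message, the second is
# made up to show the effect of allowmultiplekeys = yes.
SAMPLE_FILE = (
    "path_group:user1,user2,user3,user4,user5\n"
    "admin_group:user1\n"
)
FORMAT = "~User_Group_Name:*,User-Name"

# Assumption taken from the rlm_passwd documentation: "~" adds to the reply list,
# "=" to the request list, and no prefix to the check (control) list.
PREFIX_LIST = {"~": "reply", "=": "request"}


def parse_format(fmt, delimiter=":"):
    """Turn a format string into one spec dict per field."""
    spec = []
    for raw in fmt.split(delimiter):
        key = raw.startswith("*")            # "*" marks the lookup key field
        raw = raw[1:] if key else raw
        multi = key and raw.startswith(",")  # "*," = comma-separated keys
        raw = raw[1:] if multi else raw
        target = PREFIX_LIST.get(raw[:1], "control")
        raw = raw[1:] if raw[:1] in PREFIX_LIST else raw
        spec.append({"attr": raw, "list": target, "key": key, "multi": multi})
    return spec


def build_index(text, fmt, delimiter=":"):
    """Map each key value to the (list, attribute, value) tuples it yields."""
    spec = parse_format(fmt, delimiter)
    index = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        pairs = list(zip(spec, line.split(delimiter)))
        added = [(f["list"], f["attr"], v) for f, v in pairs
                 if f["attr"] and not f["key"]]
        for f, v in pairs:
            if f["key"]:
                for k in (v.split(",") if f["multi"] else [v]):
                    index.setdefault(k, []).extend(added)
    return index


def lookup(user_name, text=SAMPLE_FILE, fmt=FORMAT):
    """What the module would add for this User-Name; [] if no line matches."""
    return build_index(text, fmt).get(user_name, [])


if __name__ == "__main__":
    for user in ("user1", "user3", "nobody"):
        print(user, lookup(user))
```

In this model the attribute lands in the reply list because of the `~` prefix, so the list a later comparison reads from is worth checking in the debug output.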


