Restricting certain users access to certain NAS devices
Alan DeKok
aland at deployingradius.com
Thu May 27 18:02:52 CEST 2010
Whitmarsh Mark (Leeds Teaching Hospitals NHS Trust) wrote:
> Sorry, I should have mentioned I already tried man rlm_passwd and couldn't figure it out.
> I've been through it again and have made the following changes:
>
> 1. created a file /etc/raddb/path_group
> path_group:user1,user2,user3,user4,user5
>
> 2. Added the following to /etc/raddb/dictionary
> ATTRIBUTE User_Group_Name 3003 string
>
> 3. Added to modules/passwd
> filename = /etc/raddb/path_group
> hashsize = 20
> allowmultiplekeys = yes
> format = "~User_Group_Name:*,User-Name"
>
> 4. Also edited modules/etc_group because I couldn't make out which file to put these items in
> passwd etc_group {
> filename = /etc/raddb/path_group
> format = "~User_Group_Name:*,User-Name"
> hashsize = 50
> ignorenislike = no
> allowmultiplekeys = yes
> delimiter = ":"
> }
>
> 5. Inserted this into the post-auth section of sites-enabled/default
>
> if ("%{User_Group_Name}" == path_group) {
You should list "etc_group" in the post-auth section. The module will
be loaded, and will add the User_Group_Name attribute.
> Debug output is:
Which shows that the etc_group module isn't used when a packet is
received.
Alan DeKok.
More information about the Freeradius-Users
mailing list