Additional Restrictions for users
William Burnett
burnett.w at gmail.com
Fri Sep 24 22:07:44 CEST 2010
I currently have my RADIUS servers set up to handle authentication for
my various NASes to grant users access to network resources.

I would like to use the same servers to handle authentication for SSH
for various routers. This all works, but I'm having a hard time
getting the RADIUS server to only accept requests from users of the
"ssh" group. I obviously don't want john.doe accessing my core
routers.

What is the best way to go about this? I was trying to use unlang to
query my database but can't seem to get the syntax right.

Contents of sites-enabled/default:

    ...authorize {
        preprocess
        if (Service-Type == "Login-User")
        if ( %{group_membership_query} == "ssh") {
            update reply {
                ok-to-continue
            }
        }
        else {
            update reply {
                Auth-Type := Reject
            }
        }....

The group_membership_query would reference this:

    group_membership_query = "SELECT groupname \
        FROM ${usergroup_table} \
        WHERE username = '%{SQL-User-Name}' \
        ORDER BY priority"

Any help/suggestions would be much appreciated.

Sincerely,
William Burnett
burnett.w at gmail.com
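
One way to express the restriction asked about above, as an added example that is not part of the original post and not the FreeRADIUS project's own configuration. It assumes FreeRADIUS 2.x with the sql module loaded, so that rlm_sql provides the SQL-Group comparison attribute backed by group_membership_query, and that the routers send Service-Type = Login-User for SSH logins.

```unlang
# Added example for sites-enabled/default (FreeRADIUS 2.x unlang).
# Assumption: the sql module is loaded (listed in "instantiate" or used in a
# section), which makes the SQL-Group comparison attribute available.
authorize {
    preprocess

    # Gate only interactive logins (SSH to a router); other request types,
    # such as the existing NAS access requests, fall through untouched.
    if (Service-Type == Login-User) {
        # SQL-Group runs group_membership_query for the requesting user and
        # matches if any returned groupname equals "ssh". A raw query cannot
        # be compared with %{group_membership_query}; that name is a module
        # configuration item, not an expandable attribute.
        if (SQL-Group == "ssh") {
            ok
        }
        else {
            # Auth-Type is a control attribute, so it is set in the control
            # list rather than in the reply sent back to the NAS.
            update control {
                Auth-Type := Reject
            }
        }
    }

    # ... remaining authorize modules (sql, pap, and so on) ...
}
```

Running the server with `radiusd -X` and sending one test request for a member of the "ssh" group and one for a non-member shows which branch each request takes before the change reaches production routers.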