Unix Group based White-List

Peter Lambrechtsen plambrechtsen at gmail.com
Wed Sep 29 22:03:00 CEST 2010


You should do something like:

DEFAULT Group == "enabled", Auth-Type := System
# And the last line in your users file should have:
DEFAULT Auth-Type := Reject

That way, if it doesn't match anything, it returns reject.

On Thu, Sep 30, 2010 at 8:31 AM, Sid Stuart <sid at meez.com> wrote:

> We would like to configure authentication using the Unix module. We would
> also like to have a white-list based on a group in /etc/group.
>
> We created an entry in the /etc/raddb/users file that looks like,
>
> DEFAULT                Group == "enabled", Auth-Type := System
>
> Unfortunately, this passes all users with a valid account through, even
> when they are not listed in the group.
>
> We can set up a blacklist with
>
> DEFAULT         Group == "disabled", Auth-Type := Reject
>                          Reply-Message = "Your account has been disabled."
>
> DEFAULT         Auth-type := System
>
> but would prefer a white-list approach. Does anyone know how to do this?
>
> Sid
>
>
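
The effect of the trailing reject entry, as an added example that is not part of the original thread and is not FreeRADIUS code: a simplified Python model of top-to-bottom, first-match evaluation of the users file. The function names, the sample accounts and the rule that only `Group ==` checks and `:=` assignments are handled are assumptions of this sketch.

```python
# Simplified model (assumption of this example): entries are tried in order,
# the first entry whose check items all match is applied, then evaluation stops.

def parse_entry(line):
    """Split 'DEFAULT Group == "x", Auth-Type := Y' into (name, checks, sets)."""
    name, _, rest = line.strip().partition(" ")
    checks, sets = [], {}
    for item in rest.split(","):
        attr, op, value = item.split()
        value = value.strip('"')
        if op == "==":          # comparison: must hold for the entry to match
            checks.append((attr, value))
        elif op == ":=":        # assignment: applied when the entry matches
            sets[attr] = value
        else:
            raise ValueError("operator not modelled: " + op)
    return name, checks, sets

def decide(users_file, username, groups):
    """Return the Auth-Type set by the first matching entry, or None."""
    for line in users_file:
        name, checks, sets = parse_entry(line)
        if name not in ("DEFAULT", username):
            continue
        if all(attr == "Group" and value in groups for attr, value in checks):
            return sets.get("Auth-Type")
    # No entry matched: the users file made no decision, so the rest of the
    # server configuration applies (in the report above, valid accounts passed).
    return None

# The single-entry file from the question, and the same file with the
# catch-all reject from the reply appended as its last line.
WHITELIST_ONLY = ['DEFAULT Group == "enabled", Auth-Type := System']
WHITELIST_WITH_REJECT = WHITELIST_ONLY + ['DEFAULT Auth-Type := Reject']

# Constructed sample accounts: alice is in the white-list group, bob is not.
ACCOUNTS = {"alice": {"enabled", "staff"}, "bob": {"staff"}}

if __name__ == "__main__":
    for label, rules in (("white-list only", WHITELIST_ONLY),
                         ("with final reject", WHITELIST_WITH_REJECT)):
        for user, groups in ACCOUNTS.items():
            print(label, user, decide(rules, user, groups))
```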