From owner-freebsd-isp  Tue Mar 31 08:03:02 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA09537
          for freebsd-isp-outgoing; Tue, 31 Mar 1998 08:03:02 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from gratia.it.hq.nasa.gov (gratia.it.hq.nasa.gov [131.182.119.134])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA09527
          for <freebsd-isp@FreeBSD.ORG>; Tue, 31 Mar 1998 08:02:58 -0800 (PST)
          (envelope-from cshenton@gratia.it.hq.nasa.gov)
Received: from wirehead.it.hq.nasa.gov (WireHead.it.hq.nasa.gov [131.182.119.88]) by gratia.it.hq.nasa.gov (8.7.5/8.7.3) with ESMTP id KAA06173; Tue, 31 Mar 1998 10:55:51 -0500 (EST)
Received: (from cshenton@localhost)
	by wirehead.it.hq.nasa.gov (8.8.8/8.8.8) id LAA03433;
	Tue, 31 Mar 1998 11:02:42 -0500 (EST)
To: Andreas Klemm <aklemm@hightek.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: radius, how to enable/diable logins on different type of NAS ?
References: <19980331111110.62824@hightek.com>
From: Chris Shenton <cshenton@it.hq.nasa.gov>
Date: 31 Mar 1998 11:02:42 -0500
In-Reply-To: Andreas Klemm's message of Tue, 31 Mar 1998 11:11:10 +0200
Message-ID: <xoipvj2hmql.fsf@wirehead.it.hq.nasa.gov>
Lines: 29
X-Mailer: Gnus v5.5/Emacs 20.2
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Andreas Klemm <aklemm@hightek.com> writes:

> I'm using radius as authorization protocol for every kind of
> NAS (network access router). I have two kinds of access servers:
> 	USR for modem dialin and
> 	Cisco router for router dialup
> 
> Is there a way to define different kind of users within radius config
> like:	- "modem"
> 	- "router"
> and teach every network access server, that he should only accept
> users of type modem or of type router ?

Livingston v2 supports auth where it can check the user against
groups in /etc/group presumably (I haven't used this yet). But if
you're not a Livingston customer, then the license doesn't let you use
the SW.

I've hacked the old free Livingston code as modified by Ascend to do a
couple site-specific things here and it's not that hard. Could
probably add a Dictionary entry for check-item 

	Site-Hack-Group = "router"

etc, and then do a getpwent() or something to compare the groups.

Hummm... what this world need is a GRADIENT, a GNU RADIUS with full
source and all the extended features (groups, checks for multiple
logins, etc). Or maybe that's GRODIEST...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message