From owner-freebsd-isp  Tue Mar 31 08:08:56 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA11030
          for freebsd-isp-outgoing; Tue, 31 Mar 1998 08:08:56 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from sun-test.hightek.com (sun-test.hightek.com [194.74.141.100])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA10985
          for <freebsd-isp@FreeBSD.ORG>; Tue, 31 Mar 1998 08:08:49 -0800 (PST)
          (envelope-from andreas@klemm2.hightek.com)
Received: from klemm2.hightek.com ([195.90.203.76]) by sun-test.hightek.com
          (Netscape Mail Server v1.1) with ESMTP id AAA10094;
          Tue, 31 Mar 1998 18:10:01 +0200
Received: (from andreas@localhost)
	by klemm2.hightek.com (8.8.8/8.8.8) id SAA07754;
	Tue, 31 Mar 1998 18:08:43 +0200 (CEST)
	(envelope-from andreas)
Message-ID: <19980331180843.61228@hightek.com>
Date: Tue, 31 Mar 1998 18:08:43 +0200
From: Andreas Klemm <aklemm@hightek.com>
To: Chris Shenton <cshenton@it.hq.nasa.gov>,
        Andreas Klemm <aklemm@hightek.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: radius, how to enable/diable logins on different type of NAS ?
References: <19980331111110.62824@hightek.com> <xoipvj2hmql.fsf@wirehead.it.hq.nasa.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <xoipvj2hmql.fsf@wirehead.it.hq.nasa.gov>; from Chris Shenton on Tue, Mar 31, 1998 at 11:02:42AM -0500
X-Operating-System: FreeBSD 2.2.6-BETA
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Mar 31, 1998 at 11:02:42AM -0500, Chris Shenton wrote:
> Livingston v2 supports auth where it can check the user against
> groups in /etc/group presumably (I haven't used this yet). But if
> you're not a Livingston customer, then the license doesn't let you use
> the SW.

We are Livingston customer and do have v 2.01 ;-)

> I've hacked the old free Livingston code as modified by Ascend to do a
> couple site-specific things here and it's not that hard. Could
> probably add a Dictionary entry for check-item 
> 
> 	Site-Hack-Group = "router"
> 
> etc, and then do a getpwent() or something to compare the groups.

Hmm is it perhaps the feature:

"NAS-IP-Address"
	= check item to specify the IP address of a particular
	  PortMaster. When this setting is used as a check item
          in a user entry, the user must attempt to start a connection
	  on the specified PortMaster for the connection to succeed. 

> Hummm... what this world need is a GRADIENT, a GNU RADIUS with full
> source and all the extended features (groups, checks for multiple
> logins, etc). Or maybe that's GRODIEST...

;-)

-- 
Andreas Klemm                                   <aklemm@hightek.com>
http://www.FreeBSD.ORG/~andreas/                <andreas@FreeBSD.ORG>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message