Date: Tue, 10 Nov 1998 21:20:33 +0200 (IST) From: Rami Abu Jebara <rjebara@mail.palnet.com> To: William Bulley <web@merit.edu> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Grouping users with Radius Message-ID: <Pine.LNX.3.95.981110210950.32223G-100000@mail.palnet.com> In-Reply-To: <199811101811.NAA07554@ohm.merit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
hmmm I thought it was just a matter or radius telling the difference between different unix user groups ... eg. user x belongs to e-mailonly (gid 200) on the system now on the server we have multiple DEFAULT entries, but with a different group each time ... they all authenticate against the same password file... the reply items though will differ.. user x logs in .. he get a filter .. user y .. for instance is an ISDN user (gid 300 ISDN) .. so I might want to limit this guy to dial in a to a certain hunt group .. etc ... this is what I am after .. Cistron has similar things, I had a brief look at it but .. it's a beta, and I realy cann't afford surprises. anyway web, thanks a lot for the tip .. I might hassel the cisco guys .. and I'll keep on digging .. cheers Rami **************************** Rami Abu Jebara Network/System Administrator Palnet Communications Ltd e-mail : rjebara@palnet.com Tel/Fax : ++ 972 2 583 5666 w w w . p a l n e t . c o m On Tue, 10 Nov 1998, William Bulley wrote: > According to Rami Abu Jebara: > > > > I have been trying to configure Merit Radius to > > do configure incoming filters depending on the > > unix user group .. but it's not working .. > > > > The idea is this, I don't want my e-mail only customers > > to have access to the web ... and I want a way to tell > > my Cisco .. to block everything except DNS,pop3,SMTP > > > > There is an attribute in merit for the User-Group > > but it does nothing .. > > > > am I missing something ... do I need to pay merit 2000$ (I think) for > > their enhanced version. do I need to change my radius software .. > > > > Radius : Merit 3.6B > > OS :FreeBSD 2.2.7 > > NAS : Cisco AS5200 > > This is a question for aaa-support@merit.edu not FreeBSD! :-) > > It is possible to set up filters on the NAS and have RADIUS > tell the NAS which filter to use (by name). > > I don't know how to do this with a Cisco, but perhaps > there is a Cisco VSA (or more than one) which will help > you to do this. I would talk to your Cisco support folks > if I were you. > > Regards, > > web... > > -- > William Bulley Senior Systems Research Programmer > Merit Network, Inc. Email: web@merit.edu > 4251 Plymouth Road, Suite C Phone: (734) 764-9993 > Ann Arbor, Michigan 48105-2785 Fax: (734) 647-3185 > > If entropy is increasing, where is it coming from? > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.95.981110210950.32223G-100000>