From owner-freebsd-isp Tue Nov 10 11:21:34 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA02993 for freebsd-isp-outgoing; Tue, 10 Nov 1998 11:21:34 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from mail.palnet.com (mx2.palnet.com [192.116.16.7]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA02980 for ; Tue, 10 Nov 1998 11:21:08 -0800 (PST) (envelope-from rjebara@mail.palnet.com) Received: from localhost (rjebara@localhost) by mail.palnet.com (8.8.5/8.8.5) with SMTP id VAA05151; Tue, 10 Nov 1998 21:20:33 +0200 Date: Tue, 10 Nov 1998 21:20:33 +0200 (IST) From: Rami Abu Jebara To: William Bulley cc: freebsd-isp@FreeBSD.ORG Subject: Re: Grouping users with Radius In-Reply-To: <199811101811.NAA07554@ohm.merit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hmmm I thought it was just a matter or radius telling the difference between different unix user groups ... eg. user x belongs to e-mailonly (gid 200) on the system now on the server we have multiple DEFAULT entries, but with a different group each time ... they all authenticate against the same password file... the reply items though will differ.. user x logs in .. he get a filter .. user y .. for instance is an ISDN user (gid 300 ISDN) .. so I might want to limit this guy to dial in a to a certain hunt group .. etc ... this is what I am after .. Cistron has similar things, I had a brief look at it but .. it's a beta, and I realy cann't afford surprises. anyway web, thanks a lot for the tip .. I might hassel the cisco guys .. and I'll keep on digging .. cheers Rami **************************** Rami Abu Jebara Network/System Administrator Palnet Communications Ltd e-mail : rjebara@palnet.com Tel/Fax : ++ 972 2 583 5666 w w w . p a l n e t . c o m On Tue, 10 Nov 1998, William Bulley wrote: > According to Rami Abu Jebara: > > > > I have been trying to configure Merit Radius to > > do configure incoming filters depending on the > > unix user group .. but it's not working .. > > > > The idea is this, I don't want my e-mail only customers > > to have access to the web ... and I want a way to tell > > my Cisco .. to block everything except DNS,pop3,SMTP > > > > There is an attribute in merit for the User-Group > > but it does nothing .. > > > > am I missing something ... do I need to pay merit 2000$ (I think) for > > their enhanced version. do I need to change my radius software .. > > > > Radius : Merit 3.6B > > OS :FreeBSD 2.2.7 > > NAS : Cisco AS5200 > > This is a question for aaa-support@merit.edu not FreeBSD! :-) > > It is possible to set up filters on the NAS and have RADIUS > tell the NAS which filter to use (by name). > > I don't know how to do this with a Cisco, but perhaps > there is a Cisco VSA (or more than one) which will help > you to do this. I would talk to your Cisco support folks > if I were you. > > Regards, > > web... > > -- > William Bulley Senior Systems Research Programmer > Merit Network, Inc. Email: web@merit.edu > 4251 Plymouth Road, Suite C Phone: (734) 764-9993 > Ann Arbor, Michigan 48105-2785 Fax: (734) 647-3185 > > If entropy is increasing, where is it coming from? > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message