Date: 31 Mar 1998 11:02:42 -0500 From: Chris Shenton <cshenton@it.hq.nasa.gov> To: Andreas Klemm <aklemm@hightek.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: radius, how to enable/diable logins on different type of NAS ? Message-ID: <xoipvj2hmql.fsf@wirehead.it.hq.nasa.gov> In-Reply-To: Andreas Klemm's message of Tue, 31 Mar 1998 11:11:10 %2B0200 References: <19980331111110.62824@hightek.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Andreas Klemm <aklemm@hightek.com> writes: > I'm using radius as authorization protocol for every kind of > NAS (network access router). I have two kinds of access servers: > USR for modem dialin and > Cisco router for router dialup > > Is there a way to define different kind of users within radius config > like: - "modem" > - "router" > and teach every network access server, that he should only accept > users of type modem or of type router ? Livingston v2 supports auth where it can check the user against groups in /etc/group presumably (I haven't used this yet). But if you're not a Livingston customer, then the license doesn't let you use the SW. I've hacked the old free Livingston code as modified by Ascend to do a couple site-specific things here and it's not that hard. Could probably add a Dictionary entry for check-item Site-Hack-Group = "router" etc, and then do a getpwent() or something to compare the groups. Hummm... what this world need is a GRADIENT, a GNU RADIUS with full source and all the extended features (groups, checks for multiple logins, etc). Or maybe that's GRODIEST... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xoipvj2hmql.fsf>