John/Dan,
Here is what I'm using in production with a snapshot of Cistron from
April (I think). Remeber that you want to put the least expensive (CPU
wise) checks first that are most likely to get rejected. It should work
with FreeRadius (you might have to use ":=" in the check line instead of
"="; pardon the wrapping from my MUA -- it does what its told :):
____SNIP____ start /etc/raddb/users
DEFAULT Called-Station-Id = "1877", Group != tollcalls, Auth-Type = Reject
Reply-Message = "You are not an authorized user of our
DialAnywhere Service",
Fall-Through = Yes
DEFAULT Called-Station-Id = "1877", Group = tollcalls, Auth-Type = System
Ascend-Assign-IP-Pool = 2,
Fall-Through = Yes
DEFAULT Auth-Type = System
____SNIP____ end /etc/raddb/users
Hope that helps!
Cheers,
Mike
John McKinney wrote:
> Dan,
> I am trying to get freeradius setup. We are currently using Livingston
> Radius. They both allow for this as a check item.
>
> Something like:
>
> DEFAULT Auth-Type = System, Group = "login"
>
> DEFAULT Auth-Type = System, Group = "mailusers"
>
> Make sure you have a group 'login' and also 'mailusers' on the system and
> that the user belongs to that group. While I don't have the freeradius
> working yet, I believe this will work fine, if not someone will hopefully
> correct me. (maybe this is why I'm having trouble with authentication?:))
>
> Hope this helps,
> John McKinney
>
>>-----Original Message-----
>>From: [EMAIL PROTECTED]
>>To: [EMAIL PROTECTED]
>>Subject: Group authentication
>>
>>Greetings,
>>Is it possible to configure FreeRadius to only authenticate system
>>accounts that belong to a specific group? I'd like it to only accounts
>>that belong to group "pppusers" while rejecting accounts belonging to
>>other groups such as "emailusers". Thanks
>>
>>Dan Houtz
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
