Hi Alan , Thanks for the help ! Your mail cleared a lot of doubts in my mind .
> >>The module "files" returns not found since there is no entry in the >>users file still the authorization is done with ldap . I was under >>the impression that if a user-name is not present in the users file >>then the user should be denied access OR am I doing something wrong >>here . >> > > The 'users' file is just one authorization method out of many. You > allowed LDAP to be used, so when you disallowed the users file, LDAP > was still permitted, and therefore it was used. > Actually I was under the impression , that the user will be first checked against the users file and if the authorization was successful would then be handed over to LDAP . Isn't that how it is done ? I have one more question . This is regarding huntgroups . I assume huntgroups is for restricting users to certain groups , right ? Excuse me if I am wrong here . The reason I am asking this question is , I have a requirement wherein I need to restrict users to login to certain NAS only . For eg : If have 2 NAS , NAS1 and NAS2 and I have users , say a,b,c and x,y,z . I want radius to authenticate users a,b,c only if they login to NAS1 and users x,y,z if they login to NAS2 . Something like : NAS1 => a,b,c NAS2 => x,y,z So in case user "a" logs into NAS1 and NAS1 sends a radius request to the radius server , the radius server should send a accept packet . But if user "x" tries to do the same ( ie, log into NAS1 ) , the radius server should reject it . This is in a corporate LAN and the authentication backend for radius is openldap . My question here is can I use the huntgroups file in the scenario wherein I am using LDAP as the authorization and authentication backend for radius and at the same time implement the above requirement . Or is there any other solution . I am looking at the RADIUS schema for ldap but I am not sure if that will help . Thanks in advance -Raj - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html