"Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
> I'm trying to set certain attributes based on my users' GIDs in the
> /etc/passwd file.
> 
> For example:
> 
>     DEFAULT    Group == "nologin", Auth-Type := Reject
> 
> Should (and used to) prevent any users in my "nologin" group from logging
> in.  I upgraded to 0.5 from 0.3-ish CVS on this particular server, and now
> it's cheerfully ignoring these lines, eventually matching the DEFAULT entry
> that lets everyone in.

  Part of the problem may be that the "Group" attribute is
overloaded.  If you're using groups from multiple sources, under the
same name, it's difficult to do the Right Thing.

  The "Group" attribute should probably be removed, and replaced with
Unix-Group, LDAP-Group, etc.

> I'm using the "unix" module for auth, not PAM.  I can switch to PAM if need
> be, but I remember having _no_ luck with groups under PAM.

  The PAM module only does username/password authentication.  I don't
even know *how* you would get the PAM module to do group access, as
PAM Just Doesn't Do That.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
