> Part of the problem may be that the "Group" attribute is > overloaded. If you're using groups from multiple sources, under the > same name, it's difficult to do the Right Thing. > The "Group" attribute should probably be removed, and replaced with > Unix-Group, LDAP-Group, etc.
Well, I'm cool with that, but this worked at one point. Right now, I've got users who are able to get online who shouldn't be able to, and that's Very Bad (tm). I also set Session-Timeouts and the like by group name, so I'm kinda screwed multiple ways here. I'm only pulling group names from the /etc/group file, so I don't believe I'm overloading the Group attribute (although I can certainly see your point on how it would be possible to do so.) Does anyone know what sort of changes were made to the source to have this break, and what can be done to fix it, even if there's one quick fix very soon and another more correct fix later on down the line? I'm not a programmer (at least, not in C) or I'd dig thru the source and attempt to help here. > The PAM module only does username/password authentication. I don't > even know *how* you would get the PAM module to do group access, as > PAM Just Doesn't Do That. That's what I thought. :) I was just throwing it out as a suggestion - I've seen nothing of the sort from PAM either. Thanks in advance for any help anyone can provide. Chris Kalin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
