ALTERNATIVE #1: Put a Auth-Type=Reject directly in the radcheck MySQL table for that user.
Example (reject user "fredf"):
mysql> select * from radcheck; +----+----------------+----------------+-----+---------+ | id | UserName | Attribute | op | Value | +----+----------------+----------------+-----+---------+ | 1 | fredf | Password | == | wilma | | 2 | barney | Password | == | betty | | 3 | wilma | Password | == | bambam | | 4 | fredf | Auth-Type | := | Reject | +----+----------------+----------------+-----+---------+
ALTERNATIVE #2:
Put that user in a Disabled group in the usergroup table and then, put a Disabled group in the radgroupcheck table with an A/V of Auth-Type=Reject.
Example (reject user "fredf"):
mysql> select * from radcheck; +----+----------------+----------------+-----+---------+ | id | UserName | Attribute | op | Value | +----+----------------+----------------+-----+---------+ | 1 | fredf | Password | == | wilma | | 2 | barney | Password | == | betty | | 3 | wilma | Password | == | bambam | +----+----------------+----------------+-----+---------+
mysql> select * from usergroup; +----+----------------+-----------------+ | id | UserName | GroupName | +----+----------------+-----------------+ | 1 | fredf | Dialup_Disabled | | 2 | barney | Dialup | | 3 | wilma | Dialup | +----+----------------+-----------------+
mysql> select * from radgroupcheck; +----+-----------------+-------------+-------+----------+ | id | GroupName | Attribute | op | Value | +----+-----------------+-------------+-------+----------+ | 1 | Dialup | Auth-Type | := | Local | | 2 | Dialup_Disabled | Auth-Type | := | Reject | +----+-----------------+-------------+-------+----------+
Thanks for your input,
Ed
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
