Hi, I use the following scheme for Authentication using freeradius on Debian.
Apache<-->mod_auth_pam<-->PAM<-->pam_radius_auth<-->Freeradius I need to enable authorization with freeradius now. More specifically, there are 3 user groups; admin, operator and viewer on the webserver(NAS). The user should gain access to restricted files on the NAS only if the user group info matches the entry in the Radius 'users' database. Moreover, the authorization decision should be made on the NAS in order enable caching on the NAS later. Therefore, the 'group' info should be sent back to the NAS within the ACCESS-ACCEPT (or similar) packet???(I guess!!!) So far there has been no luck googlizing the problem, Can anyone tell me where to define and store values of these parameters in Radius and how to send this information to the nas to make a decision? Is there any other way to do it without changing the stated architecture??? /Rizwan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
