You can create a group "deactivated" for the users you don't want to
allow to connect and set Auth-Type == Reject for that group.
If you want to tie a group to a certain NAS you have to use huntgroups:
TestNAS1 NAS-IP-Address == xxx.xxx.xxx.xxx
SQL-Group == dialup,
SQL-Group == adsl
It means that is the user is coming from this NAS it has to be a member
of those groups. Otherwise auth fail.
Is this what you are looking for?
At least this is my set up. If you find a better way please let me know.
Thanks,
Bogdan.
-----Original Message-----
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
ius.org] On Behalf Of Michael Schwartzkopff
Sent: May 11, 2006 4:22 AM
To: [email protected]
Subject: MySQL: Group membership test
Hi,
As a backend database to RADIUS I use MySQL. No I have a special
problem:
I want to autorize a user for a specific service only if the user is
member of
a specific group, say "RAS_User". This configuration is nescessary
because
this database is used also for other authentication/autorization.
The documentation says, that the authcheck_table is beeing searched for
the
user and the reply items in the authrepl_table are returned for the
user. I
did not find any hint how to configure my freeradius that way, that the
user
is autorized to use the service only if he is member of a specific
group. The
groupcheck is only adds further attributes.
In the ldap module f.i. I can use the "groupmembership_filter".
Is there anything similar in the sql module? How can I configure
freeradius or
the sql module to test the group membership?
Thanks for any help.
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
