Hi, We are using Freeradius 1.1.7 to authenticate a large group of users for one service, with a pgsql backend. I would now like to start using our radius servers to also authenticate other groups of users for specific services, e.g. admin users who can access an apache frontend etc using PAM.
My question is, what's the best way to classify and group the users to ensure that group X can access one service but group Y can access another, etc? My first thought is to use an attribute like the NAS-Id to identify the service and require certain user groups for each Nas id in the clients file. However, this does not allow any more granularity than the machine making the request -- for example, login, POP and httpd may all be on the same server but have different groups that should be able to access them. Can anyone point me in the right direction? Thanks, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
