Bob Franklin wrote: > The way I can see to do this is allow clients to submit requests with a > custom local attribute (e.g. 'UCam-Requested-Service'). If this > attribute were present, we would fail the authentication if the user was > not a member of the appropriate group (but otherwise authenticated OK).
That's pretty much the best way to do it. The rest of RADIUS works like this. See "Service-Type" for an attribute that requests different kinds of service. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
