A few years ago when we first set up RADIUS we performed a relatively
simple hack to check the users shell when authenticating via the unix
password routine (master.passwd file BSD). The majority of our users are
checked via the unix system. Basically users with /hold, /nopay,
/disconnected, and /usr/contrib/bin/pine (email only account) would be
rejected and sent an appropriate reply, for /nopay, "Due to lack of payment
this account has been disconnected...", for /...pine, "This account is for
email only.", etc. This capability is a hack to radiusd.c in 1.16 and I
can elaborate further if necessary. (per recent discussions on the list, I
understand reply messages will be in a future radiator release. We do
have a fair number of clients that get these messages and it would
definately increase our support call rate if users no longer knew why
their logon attempt was rejected. FYI, clients that do receive these
reject messages include macppp users, winsock script users, and just about
anyone using a logon script.)
Anyway, we very much need this functionality in radiator. I suppose it
could be done with group checks and replies (in the next release?) however
I would like to be able to check against the shell for legacy and other
reasons.
If this can be accomplished without hacking the source I would be very
happy. However, if necessary, I am willing to take the steps to maintain
legacy compatibility and modify the source.
Thanks for any info!
-Dave Munroe
Novagate
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
