Hello Bryn -
At 15:55 -0800 00/12/21, Bryn Wm. Moslow wrote:
>I could swear up and down that I once saw an example of this either in the
>Radiator reference or the FAQ but I can no longer dig it up:
>
>I need to refuse logins on certain NAS's for explicit UNIX groups. For the
>sake of precision I'll also describe it this way: I need to allow users in
>certain UNIX groups to ONLY log in to certain NAS's. Either way works for
>me.
>
>I got the impression that this may be possible using NAS-Address-Port-List
>in a creative way but I remember seeing a really simple, direct way of
>doing it. Suggestions or directional assistance?
>
Probably the simplest way to do this is with an AuthBy FILE:
# configuration to check NAS and UNIX groups
<Client .....>
Identifier XXXX
.....
</Client>
<AuthBy UNIX>
Identifier CheckUnix
.....
</AuthBy>
<AuthBy FILE>
Identifier CheckUsers
Filename %D/users
....
</AuthBy>
<Realm ....>
....
AuthBy CheckUsers
....
</AuthBy>
And in the users file:
# %D/users
someuser NAS-Identifier = XXXX, Auth-Type = CheckUnix, Group = .....
......
If you have any questions please ask.
hth
Hugh
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
