> Is there any way to get radius to restrict dial-in users based on
> inclusion or exclusion of a certain group. An internet cafe wants
> dial-in users to be able to use the on-site systems but on-site only
> users to be restricted from dial-in (while still having E-Mail & Web
> space on the Unix box).
>
> Currently, I am planning on writting a perl script to place all of
> the on-site only users in the /etc/raddb/users file with a different
> password to restrict them from dial-in use. Is there anyway for
> radius to say: user belongs to 'x' group therefore they are
> allowed/disallowed access.
Actually, we did this quite a while back. In the merit radius code, I just
patched into the 'auth' routines to look for the proper group code and or
description string to allow PPP, Shell, Slip and now ISDN access based on
the entries in the password file.
Works well. Our newuser program drops the user into the appropriate group
for his type of access. The radius server does the rest.
Later,
-----------------------------------------------------------------------------
Joe Portman - Alternate Access Inc. Affordable, Reliable Internet
baron@aa.net Mercer Island: (206) 230-8732 Seattle: (206) 443-3408
Tacoma: (206) 927-6010 Federal Way: (206) 838-8457
Bellevue: (206) 455-8414 Olympia : (360) 458-7279
For free trial account: set modem to 8-n-1, login as "new"
For questions or support, call our voice line (206) 728-9585.
-----------------------------------------------------------------------------