(RADIUS) Groups and NAS-IP-Address

Unix Tech (unixtech@glen-net.ca)
Tue, 14 Apr 1998 14:52:55 -0400

Hi all,

I have been using radius_2.0.l but wish to use the Group check-
item to allow access to certain NASes for specific groups. My problem
is that I have a group where users can get access thru various PM2s and PM3s
whereas most other groups get access to one NAS.

My understanding from the archives is that at present the
Livingston radius will not let me list multiple NAS-IP-Address and that
it may be possible using CISTRON radius.

However, I may have found a workaround. I've tested it and it seems
to work but I need some comments to see if there is something that may
screw up radius because I missed something.

These are the defaults from my current /etc/raddb/users file:
(The rest of the attributes were removed for brevity)

DEFAULT Auth-Type = System, Group = "group1", NAS-IP-Address = 1.2.3.4
DEFAULT Auth-Type = System, Group = "group2", NAS-IP-Address = 1.2.3.5
DEFAULT Auth-Type = System

I added the 2 "Reject" lines such as:

DEFAULT Auth-Type = System, Group = "group1", NAS-IP-Address = 1.2.3.4
DEFAULT Auth-Type = System, Group = "group2", NAS-IP-Address = 1.2.3.5
DEFAULT Auth-Type = Reject, Group = "group", NAS-IP-Address = 1.2.3.4
DEFAULT Auth-Type = Reject, Group = "group", NAS-IP-Address = 1.2.3.5
DEFAULT Auth-Type = System

This allows users from group "group1" to use PM 1.2.3.4 and from
group "group2" to use PM 1.2.3.5.

This stops users from group "group" gaining access thru PMs
1.2.3.4 and 1.2.3.5 but allows them access thru all my other PMs.

Does that seem right???

thanx,

rich
Richard Chaussé --------------------------------------

Glen-Net Communications
P.O. Box 837 Tel: (613) 525-3689
45 Main Street North Fax: (613) 525-3459
Alexandria, Ontario, Canada Email: rich@glen-net.ca

-------------------------------------------------------

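
A small model of how the five DEFAULT entries in the post are evaluated, added here as an example; it is not part of the original message and not Livingston's code. It assumes the server uses the first DEFAULT entry whose check-items all match, and that a Group check-item matches any user who belongs to that group; the NAS address 10.0.0.9 is a constructed stand-in for "all my other PMs".

```python
# Constructed model of the DEFAULT entries from the post, in file order.
# Tuple layout: (Auth-Type, Group check-item or None, NAS-IP-Address or None)
ENTRIES = [
    ("System", "group1", "1.2.3.4"),
    ("System", "group2", "1.2.3.5"),
    ("Reject", "group",  "1.2.3.4"),
    ("Reject", "group",  "1.2.3.5"),
    ("System", None,     None),      # catch-all
]

def matches(entry, user_groups, nas_ip):
    """True when every check-item present on the entry is satisfied."""
    _, group, nas = entry
    group_ok = group is None or group in user_groups
    nas_ok = nas is None or nas == nas_ip
    return group_ok and nas_ok

def decide(user_groups, nas_ip, entries=ENTRIES):
    """Return (entry index, Auth-Type) for the first matching entry.

    Assumption: first match wins, with no fall-through to later entries.
    "System" means the request goes on to the system password check;
    "Reject" means it is refused before any password check.
    """
    for index, entry in enumerate(entries):
        if matches(entry, user_groups, nas_ip):
            return index, entry[0]
    return None, "Reject"  # no entry matched at all

def decision_table(group_sets, nas_list, entries=ENTRIES):
    """Map (sorted group tuple, NAS) to the resulting Auth-Type."""
    return {
        (tuple(sorted(groups)), nas): decide(groups, nas, entries)[1]
        for groups in group_sets
        for nas in nas_list
    }

if __name__ == "__main__":
    OTHER_PM = "10.0.0.9"  # constructed address standing in for any other NAS
    memberships = [set(), {"group"}, {"group1"}, {"group2"}, {"group", "group1"}]
    table = decision_table(memberships, ["1.2.3.4", "1.2.3.5", OTHER_PM])
    for (groups, nas), result in sorted(table.items()):
        print(f"{','.join(groups) or '(none)':14} {nas:10} -> {result}")
```

Under these assumptions the table also shows two cases the post does not mention: a member of "group1" or "group2" still reaches the catch-all entry on every other NAS, and a user who belongs to both "group" and "group1" is not rejected on 1.2.3.4 because the "group1" entry comes first.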