Hi,
We acquired an ISP who is using Freeradius. There are several accounts on
this system which are meant to be email only accounts (i.e. customers dial
in and are authenticated using their dial-up username/password, then once
they get connected they can check e-mail on that account or on a e-mail only
account). An e-mail only account should not, of course, be able to log in
via radius.
However this isn't how it has been working. Take the case of username
sbmills who has a email only account of stan. Both sbmills and stan can dial
in and get authenticated via radius. So in the users file I created as my
first default entry:
#
DEFAULT Group == "mailusers", Auth-Type := Reject
Reply-Message = "You are using a mailonly account."
#
In /etc/group, I have a group mailonly, with GID of 105. Next I edited the
password filed (using vipw) and changed stan's group to 105. From the
testing I have done though, it still appears that this user can dial in
using the username stan and stan's password. Is there something I have
neglected to do?
Thanks,
Lisa Casey
Webmaster & SysAdmin
Netlink 2000, Inc.
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
