John Duino <[EMAIL PROTECTED]> wrote:
> The NAS understands the "Attribute value pairs" information, in this
> case either Class(25) or FilterId(11) labeling, with the returned value
> being the group name(s). See discussion below.

It would have helped if you said this at the start. Talking about "why your solution doesn't do what you expect" is often a waste of time. Instead, talk about what you want to do. In this case, it's:

- send a Class or Filter-Id attribute to the NAS, with the content being the names of the Unix groups to which the user belongs.

> Why does it not have to do with radiusd.conf?

The issue is that your problem was poorly defined. No amount of editing "radiusd.conf" will cause your problem to become well-defined.

> The section I posted
> previously labeled "passwd etc_group", and is directly FROM the default
> radiusd.conf, is described as doing exactly what I expect/hope.

No, it's not. It adds a "Group-Name" attribute, not a Class or Filter-Id. If you edit it to add "Class", or "Filter-Id", it will be a little better.

> The radius server, upon positive authentication, should also then
> parse the group directory (/etc/group, in this case, including its
> NIS extension)

The "passwd" module doesn't read directories. It reads files. It's documented as reading files. It's not documented as interacting with NIS.

So the "passwd" module won't read "directories", with "NIS extensions". You've got to point it to each and every "group" file you want it to read. To do this, you probably need multiple instances of the module, one for each file you want it to read.

> and return in the Authenticator additional information labeled as
> "Attribute value pairs" that would, in this case, be the groups the user
> belongs to.

If you return them in the correct attributes.

Alan DeKok.
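
The lookup discussed in this message, as an added Python sketch that is not part of the original email and is not FreeRADIUS code: each group file is read separately, NIS compat lines (`+`/`-`) are skipped because a plain file reader cannot resolve them, and the user's groups come back under the attribute the NAS actually parses. The file contents and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample contents of two group(5)-format files (not from the thread).
LOCAL_GROUP = """\
wheel:x:10:root,jduino
staff:x:50:jduino,alice
+:::
"""
SECOND_GROUP = """\
# a second file, which needs its own reader just as it needs its own module instance
netops:x:2001:alice,bob
dialup:x:2002:jduino
"""

def parse_group_file(text):
    """Yield (group_name, members) for each usable line of one group file."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] in "+-":
            # NIS compat entry: a pointer to NIS, not data. Reading the file
            # alone never expands it, so it is ignored here.
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue  # malformed line
        yield fields[0], [m for m in fields[3].split(",") if m]

def build_index(*file_texts):
    """Map user -> ordered list of groups, merging every file passed in."""
    index = defaultdict(list)
    for text in file_texts:
        for group, members in parse_group_file(text):
            for user in members:
                if group not in index[user]:
                    index[user].append(group)
    return index

def reply_attributes(index, user, attribute="Filter-Id"):
    """One (attribute, group) pair per group, named as the NAS expects."""
    return [(attribute, group) for group in index.get(user, [])]

if __name__ == "__main__":
    idx = build_index(LOCAL_GROUP, SECOND_GROUP)
    for pair in reply_attributes(idx, "jduino", "Class"):
        print(pair)
```

Only the member list (fourth field) is indexed, so a user's primary group, which is recorded in the passwd file rather than the group file, does not appear in the result.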