RADIUS is an AAA (Authentication, Authorization, Accounting) server. The common use is for authorizing authenticated users to use PPP on a dialup line but that doesn't limit you to using it for that purpose. Rather, the question is how you plan to use a radius client to tell the SMTP server that a particular user is authenticated but not authorized. We can come up with something on the RADIUS server side but I don't quite see how you're planning to do this on the SMTP server.
If ALL users who have to be authorized get their authorization to use the network from RADIUS then you could include a RADIUS traffic filter to block either all or just smtp traffic to your SMTP server from the clients and leave the SMTP application alone. The group of user authorized would NOT have the traffic filter and those that are not, would. If you are dealing with connections that don't come in through RADIUS then you're looking at perhaps SASL. On Thu, 5 Aug 2004, Steve Ross wrote: > > > >> Hi, > >> > >> I'm trying to discover if this is possible with freeRADIUS. I have read > >> through the FAQ and comments in some config files, but I'm still not > sure. > >> > >> I want to use a separate user/password table (stored in mySQL) for each > of > >> a > >> few applications (such as SMTP & dialup). Then when a RADIUS client > sends > >> a > >> request to freeRADIUS, I would like freeRADIUS to automatically lookup > >> requests from client1 in database table1 and requests from client2 in > >> database table2. > > > >why do you need to separate the tables? freeradius is flexible in > >attributes, it doesnt care where > >a user belongs to, as long as you do it with proper attributes and values. > > I would like to use the same freeRADIUS server to manage requests from SMTP > mail gateways (acting as RADIUS clients) and requests from dialup access > units. Some users may have permissions to use the SMTP gateway, but not > dialup or vice versa, or both. I thought I'd have 2 separate user lists in > mySQL, one being a list of those permitted to use SMTP and the other being a > list of those permitted to use dialup. So my first question is: Is it > possible for freeRADIUS to treat a request differently depending on which > source client (IP #) it came from? Secondly, could I implement what I've > stated above, or is there a better way? > > > >> Can freeRADIUS do this? If so, how? > > > >you can do it anyway by group attributes. > > > >if its not easy for you to adapt with dialup admin interface to create user > >over and over again on the same critieria, > >you can create your own script to create users under the same group. > >milver nisay > > Is the group attribute a field that I can set in mySQL? > > Thanks! > > - - - - - - - - - - - - - - - - - - - - - - > Steve Ross > 650-468-1194 > [EMAIL PROTECTED] > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
