Add this to the top of your DEFAULT entries in the users file. DEFAULT Huntrgroup-Name == "dial", Ldap-Group == "nodial", Auth-Type := Reject
Define what the group attribute is in your radiusd.conf file. ie: groupname_attribute = radiusgroupname Define the dial NASes in your huntgroups file ie: dial NAS-IP-Address == x.x.x.x dial NAS-IP-Address == y.y.y.y It might be easier to define what services people have access to, rather than what they don't. In that case check out doc/ldap_howto.txt. -Dusty Doris On Fri, 26 Nov 2004, Daniel wrote: > Hi > > How would I deny access to a NAS for a group of users. > > I am using LDAP user and groups and mysql for accounting with > freeradius. I have some users that are part of "nodialup" group. I want > to deny them access to a few of our access servers but allow access to > the other access server on the network. > > I want to deny them access to our dialup access servers, but allow them > access to our ADSL access servers. > > I have a group "nodialup" if a user is a member of this group how do I > deny them access? > > I don't want to add the other users to groups. I just want to > specifically deny these users who are a member of this group access to > the dialup. Is this possible with huntgroups? Can't seem to get my head > around how to do this. Probably starring me in the face or am I going about > this wrong. > > Thanks for any help. > > Regards > Daniel > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html