On Tue, 30 Nov 2004, Wesley Joyce wrote:
Hello all, I am new to the list and new to Radius. Radius was set up prior to me. I am sure I will get a lot of help from here when the docs are not specific to my issue.
I am using Sun One DS 5.2 as my authentication source and freeradius-0.8-1 on RH Linux. I did not extend the schema to included the radius object class.
Upgrading is a good idea.
How can I properly deny certain users or groups from being able to dial in and establish PPP sessions?
For groups:
DEFAULT Ldap-Group == "mygroup", Auth-Type := Reject
As for users you can just use an existing attribute (or add a new one) by using the access_attr configuration directive.
Or you could just use an existing attribute in the ldap filter, to filter out any users you don't want to allow access.
and the portion of my radius.conf that I think is relevant -
modules {
pam {
# pam_auth = radiusd
pam_auth = system-auth
}
ldap {
access_group = "cn=DialupUsers,ou=DialUsers,o=uvi.edu"
access_group is *heavily* deprecated. Don't use it. One of the reasons you should upgrade.
-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
