I'm hoping someone may be able to give me some pointers or thoughts. I have a scenario where we have two separate external organizations who provide service to our dialup customers. Each of these companies has their own RADIUS servers which accept the request from whichever of the 1000's of NAS' is handling the customer and they proxy the request to our RADIUS server for authentication. One of these providers provides coverage in additional regions not covered by the other, but it's an additional cost to us when our customer uses it.
My problem/question is this... is it possible to set up somehow so that I can create a couple of Unix groups (call them poola and poolb) and then control whether the login is denied partially on the RADIUS server that is asking. So if I set all users to have a membership in poola by default, and then only added users to the poolb group if they've paid the upcharge on their account... if an authentication request came from the poolb provider's RADIUS server but the user were not a member of the poolb group, the request would be denied. This may be insanely simple, but I've been staring at the problem for a couple of days and it's not sinking in (maybe I need more... or less eggnog). Denying from a group I can do... but how to deny from a group conditionally on which radius server the request is coming from is what I can't quite figure. Any tips, hints, pointers or workarounds gratefully accepted. Seasons greetings to all! Cheers, >>>>> Mike <<<<< - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
