> Hi, > > Currently our users log on to our system and are authenticated by the > Radius server. Then, when they access a server, they log in with local > user accounts. > > Sometimes these accounts are the same name as the Radius account they > logged into originally, but not always. > > Is it possible, using FreeRadius, to group these accounts together and > have all access controlled by the Radius server. > > For instance: > > joeuser logs into the system and is authenticated by Radius. > > He then logs onto the ftp server. Can this be authorized by Radius using > a different id/password but as a subset of "joeuser" so he can still be > tracked and billed using just the main Radius account? > > Thanks, > Steven Wayne > --
I would really try to move to the same username/password pair for all users. It will uncomplicate your work a lot. Proftpd supports radius as well as sql and ldap for authentication. So you could switch your FTP server to use proftpd and then have it use radius to authenticate. Or if you users are stored in a backend like ldap or sql, you could connect directly to it instead of using radius. If you do that, you will need to add some more things to your radius/backend, such as user homdir, shell, uid, gid, but it would be worth it in the long run. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
