On Fri, Feb 18, 2005 at 01:29:50PM -0500, Dustin Doris wrote: > From: Dustin Doris <[EMAIL PROTECTED]> > To: freeradius-users@lists.freeradius.org > Subject: Re: Grouping accounts > Date: Fri, 18 Feb 2005 13:29:50 -0500 (EST) > > > > Hi, > > > > Currently our users log on to our system and are authenticated by the > > Radius server. Then, when they access a server, they log in with local > > user accounts. > > > > Sometimes these accounts are the same name as the Radius account they > > logged into originally, but not always. > > > > Is it possible, using FreeRadius, to group these accounts together and > > have all access controlled by the Radius server. > > > > For instance: > > > > joeuser logs into the system and is authenticated by Radius. > > > > He then logs onto the ftp server. Can this be authorized by Radius using > > a different id/password but as a subset of "joeuser" so he can still be > > tracked and billed using just the main Radius account? > > > > I would really try to move to the same username/password pair for all > users. It will uncomplicate your work a lot. Proftpd supports radius as > well as sql and ldap for authentication. So you could switch your FTP > server to use proftpd and then have it use radius to authenticate. Or if > you users are stored in a backend like ldap or sql, you could connect > directly to it instead of using radius. If you do that, you will need to > add some more things to your radius/backend, such as user homdir, shell, > uid, gid, but it would be worth it in the long run. Thanks for the replies, I thought this was the way to go, it just means more work initially and we wanted the least disruption to our customers.
Steven Wayne -- .''`. : :' : `. `'` `- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html