>> Ok, I think I am getting closer. I have defined a new passwd module >>like >> so: >> >> passwd nas_group { >> filename = ${raddbdir}/nas_group >> format = "*NAS-IP-Address:,User-Name" >> }
> Thet creates a username by NAS IP address, I think... you don't want >to do that. > > See the "man" page for rlm_passwd. It says to create a group >attribute for a reason. > > Alan DeKok. OK, yes, I realize that was creating a user name. So if I change that format line to have a Group attribute instead of User-Name, then I have a Group being created by NAS-IP-Address. I still don't get how I can test to make sure that the user is part of this group. I have tried adding the group name to the usergroup table, but whether or not this value is correct (corresponds to the value in the nas_group file) or is even present doesn't make a difference. The user is always getting authenticated. Where does the logic need to lie to check that the user is a part of the named group? Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html