Thanks Hugh, I saw that but did not put it together with the aut-type = reject.
Mike On Sat, 13 Sep 2003, Hugh Irvine wrote: > > Hello Mike - > > Yes this is quite simple to acheive. > > <Handler Realm=MODEMS> > RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ > <AuthBy GROUP> > AuthByPolicy ContinueUntilReject > > <AuthBy FILE> > Filename %D/reject.users > AcceptIfMissing > </AuthBy> > > <AuthBy PAM> > Fork > Service radiusd > </AuthBy> > > </AuthBy> > AuthLog Modem_Login_Failures > AcctLogFileName %L/Modems.log > </Handler> > > > The file "%D/reject.users" would contain something like this: > > # reject.users > > username1 Auth-Type = Reject > > username2 Auth-Type = Reject > > ....... > > > If you have any other questions, please contact me. > > regards > > Hugh > > > On Saturday, Sep 13, 2003, at 06:56 Australia/Melbourne, Forbes Mike > wrote: > > > > > I have a request to block certain users access to our modem pool. > > > > Users are first authenticated by kerb via PAM. What I would like to > > do is > > have radius then check to see if they are listed in a file and reject > > them > > only if they are listed. If they are not in the file they can logon. > > > > I saw the username authtype example in the manual, is there a way to do > > this in a file for a larger number? > > > > Could you do the AuthByPolicy ContinueWhileReject and put this before > > my > > authbypam below? > > > > My handler is below. > > > > Mike Forbes > > > > > > <Handler Realm=MODEMS> > > RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ > > <AuthBy GROUP> > > AuthByPolicy ContinueUntilReject > > <AuthBy PAM> > > Fork > > Service radiusd > > </AuthBy> > > </AuthBy> > > AuthLog Modem_Login_Failures > > AcctLogFileName %L/Modems.log > > </Handler> > > > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > > > > > NB: have you included a copy of your configuration file (no secrets), > together with a trace 4 debug showing what is happening? > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.