How about setting Session-Timeout of the email only account to 1 ? This was I did (but not with FR).
/sm On Thu, 2003-01-23 at 00:28, Lisa Casey wrote: > Hi, > > We acquired an ISP who is using Freeradius. There are several accounts on > this system which are meant to be email only accounts (i.e. customers dial > in and are authenticated using their dial-up username/password, then once > they get connected they can check e-mail on that account or on a e-mail only > account). An e-mail only account should not, of course, be able to log in > via radius. > > However this isn't how it has been working. Take the case of username > sbmills who has a email only account of stan. Both sbmills and stan can dial > in and get authenticated via radius. So in the users file I created as my > first default entry: > > # > DEFAULT Group == "mailusers", Auth-Type := Reject > Reply-Message = "You are using a mailonly account." > # > > In /etc/group, I have a group mailonly, with GID of 105. Next I edited the > password filed (using vipw) and changed stan's group to 105. From the > testing I have done though, it still appears that this user can dial in > using the username stan and stan's password. Is there something I have > neglected to do? > > Thanks, > > Lisa Casey > Webmaster & SysAdmin > Netlink 2000, Inc. > [EMAIL PROTECTED] > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html