Re: using radius user file to deny access

Joe Hartley (jh@metheny.brainiac.com)
Thu, 7 Nov 96 15:28:44 EST

> We're running radius on a linux server (runs great - please no flames!).
> Presently we're using the default 'UNIX' user to have radius authenticate
> against the /etc/passwd file. Is there a clever way to add someone to the
> radius USER file such that they would be denied dial-up PPP access thru the
> PM but still have a valid userid/password in /etc/passwd? I'd like to have
> it so that if they tried to dial in they would get some sort of 'access
> denied' message.

Sure. Put a line like this in users:

username Password = "**noaccess**"

They won't get in through the PM, but could telnet to the Unix
host (if they have a valid shell) or get mail with POP even if the
shell's set to /dev/null!

We do this to allow extra, private email addresses for a dialup account.
The user has an entry in users as shown above, and a shell of /dev/null.
The result: no dialup, no telnet, no FTP, but POP access if they connect
with another valid dialup account.

========================================================================
Joe Hartley - jh@brainiac.com - brainiac services, inc
PO Box 5069 : Greene, RI : 02827 - vox 401.539.9050 : fax 401.539.2070
Without deviation from the norm, "progress" is not possible. - FZappa
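
Added example (not part of the original message or of the RADIUS distribution): a small Python model of why the per-user entry described above only blocks dial-up when it sits above the DEFAULT entry. It assumes the users file is matched top to bottom with the first matching entry deciding, and that DEFAULT carries Password = "UNIX"; the file contents, the account names and the PASSWD table are constructed for illustration.

```python
import hmac
import re

# Constructed sample users file: the deny entry sits above DEFAULT.
USERS_FILE = '''\
alice Password = "**noaccess**"
DEFAULT Password = "UNIX"
'''
# Constructed stand-in for /etc/passwd (cleartext only to keep the model short).
PASSWD = {"alice": "alice-secret", "bob": "bob-secret"}

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())

def parse_users(text):
    """Return (name, password check item) pairs in file order."""
    entries = []
    for raw in text.splitlines():
        # Skip blanks, comments and indented reply-item continuation lines.
        if not raw.strip() or raw[0].isspace() or raw.startswith("#"):
            continue
        name = raw.split()[0]
        m = re.search(r'Password\s*=\s*"([^"]*)"', raw)
        if m:
            entries.append((name, m.group(1)))
    return entries

def authenticate(entries, user, password, passwd=PASSWD):
    """Assumed semantics: the first entry naming the user (or DEFAULT) decides."""
    for name, check in entries:
        if name not in (user, "DEFAULT"):
            continue
        if check == "UNIX":  # defer to the system password database
            stored = passwd.get(user)
            return stored is not None and _same(stored, password)
        return _same(check, password)  # literal check item vs. submitted password
    return False

def shadowed_entries(entries):
    """Names listed after DEFAULT: DEFAULT matches first, so they never apply."""
    seen_default, shadowed = False, []
    for name, _ in entries:
        if name == "DEFAULT":
            seen_default = True
        elif seen_default:
            shadowed.append(name)
    return shadowed
```

Running shadowed_entries over a parsed users file lists any deny entries that were appended below DEFAULT and therefore have no effect.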