Re: using radius user file to deny access

Steven P. Crain (scrain@shore.net)
Thu, 7 Nov 1996 16:13:10 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 7 Nov 1996, Joe Hartley wrote:

> > We're running radius on a linux server (runs great - please no flames!).
> > Presently we're using the default 'UNIX' user to have radius authenticate
> > against the /etc/passwd file. Is there a clever way to add someone to the
> > radius USER file such that they would be denied dial-up PPP access thru the
> > PM but still have a valid userid/password in /etc/passwd? I'd like to have
> > it so that if they tried to dial in they would get some sort of 'access
> > denied' message.
>
> Sure. Put a line like this in users:
>
> username Password = "**noaccess**"

That's the idea, until someone figures out that they can use that
password. Better would be adding "Expiration = Jan 01 1990" or whatever
the correct syntax is for password expiration. Another option would be to
set User-Service[-Type] to something illegal like 99.

>
> They won't get in through the PM, but could telnet to the Unix
> host (if they have a valid shell) or get mail with POP even if the
> shell's set to /dev/null!
>
> We do this to allow extra, private email addresses for a dialup account.
> The user has an entry in users as shown above, and a shell of /dev/null.
> The result: no dialup, no telnet, no FTP, but POP access if they connect
> with another valid dialup account.
>
> ========================================================================
> Joe Hartley - jh@brainiac.com - brainiac services, inc
> PO Box 5069 : Greene, RI : 02827 - vox 401.539.9050 : fax 401.539.2070
> Without deviation from the norm, "progress" is not possible. - FZappa
>

- ----------------------------------------------------------------------------
Steven P. Crain scrain@shore.net http://www.shore.net/~scrain
Shore.Net Unix Development and Administration
An ISP with Excellence in the Greater Boston Area.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Finger me for a public key.

iQB1AwUBMoJQ7I0DAXSiDippAQFX3AMAgcE5Hvuar4a+vBFMQ4pVGM5TTm/YwTkM
MK/8/903P2/YEnC0mqcVEMIw4o0VmFUdXqMWzMFXT0dlLXa52hBoovHeuvwiiHM0
lGGx7YGImMZslKsIQaht3bL9KNrcuKHk
=TgKa
-----END PGP SIGNATURE-----
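
Added example, not part of the original message or of any RADIUS distribution: a small audit that separates entries blocked by an expired date from entries that only carry a literal placeholder password, which is itself a working credential. The users-file layout, the `Expiration` date format, the sample entries and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample. Assumed layout: the first line of an entry holds the
# user name and comma-separated check items; indented lines are reply items.
SAMPLE_USERS = '''\
# constructed sample, not from the original message
alice   Password = "**noaccess**"
bob     Password = "UNIX", Expiration = "Jan 01 1990"
        User-Service-Type = Framed-User,
        Framed-Protocol = PPP
carol   Password = "UNIX"
        User-Service-Type = Framed-User
'''

# attribute = "quoted value"  or  attribute = bare-value
ITEM = re.compile(r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^,\s]+))')


def parse_users(text):
    """Return {username: {check_item: value}} from entry header lines."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#') or line[0].isspace():
            continue  # blank line, comment, or indented reply item
        parts = line.split(None, 1)
        checks = parts[1] if len(parts) > 1 else ''
        entries[parts[0]] = {
            m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in ITEM.finditer(checks)
        }
    return entries


def audit(text, today):
    """Label each entry by how, or whether, dial-up access is blocked."""
    report = {}
    for user, checks in parse_users(text).items():
        exp = checks.get('Expiration')
        pw = checks.get('Password')
        if exp and datetime.strptime(exp, '%b %d %Y') < today:
            report[user] = 'expired'            # denied whatever password is sent
        elif pw is not None and pw != 'UNIX':
            report[user] = 'literal-password'   # the string itself logs in
        else:
            report[user] = 'unix'               # checked against /etc/passwd
    return report


if __name__ == '__main__':
    for user, status in audit(SAMPLE_USERS, datetime(1996, 11, 7)).items():
        print(user, status)
```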