denying loggins
Jonathan Hutchins
hutchins at opus1.com
Thu Mar 14 22:18:29 CST 2002
----- Original Message -----
From: "Dale Herring" <dale_n_ks at yahoo.com>
> This is for users that have two logins. One that I
> allow them to connect with and the second is a curtesy
> e-mail account. They can connect with the primary
> user-name, but not the secondary. Or that is the idea
> behind it anyway. The secondary will only allow them
> to check e-mail with program such as OE or webmail
Ok, so for the second id, they have POP or IMAP access, but not dial-up,
telnet, ssh or shell.
What you need is a way to make the radius system deny some usernames, but
not others. Now in NT, this would be a matter of granting/denying
privileges in some security manager - User Manager for Domains would let you
create a group and deny "log in locally, log in over network" to that group;
RAS would require you to grant permission to users who needed to dial in,
and Exchange Server Administrator would let you create mail accounts that
weren't tied to specific user ID's.
More information about the Kclug
mailing list