Ok. I got the "presidentlogin" working for certain port numbers. Works great. One more question though, what if I also wanted the "vicepresidentlogin" to be able to login to those nas port numbers. For example:
#NAS PORT 3 = 1800xxxxxxx DEFAULT Nas-Port == 3, User-Name != presidentlogin, Auth-Type := Reject DEFAULT Nas-Port == 3, User-Name != vicepresidentlogin, Auth-Type := Reject #NAS PORT 9 = 1866xxxxxxx DEFAULT Nas-Port == 9, User-Name != presidentlogin, Auth-Type := Reject #NAS PORT 10 = 1866xxxxxxx DEFAULT Nas-Port == 10, User-Name != presidentlogin, Auth-Type := Reject #ALL OTHER PORTS/PHONE NUMBERS DEFAULT Group == "nisras", Auth-Type := System When I have this setup, the president or vicepresident cannot login to port 3, but the president can still login to ports 9 and 10 and the others fine. I tried doing the DEFAULT Nas-Port == 3, User-Name != presidentlogin,vicepresidentlogin, Auth-Type := Reject but that failed miserably. Thanks for your help!!! jamie >>> [EMAIL PROTECTED] 03/02/04 08:31AM >>> JAMIE CRAWFORD escreveu: >Hello, >Is there a way to limit the users to login to certain ports on the ras >server. For example, I need to allow the president of the company to >dialin to the 1800number configured which would be port 3 on the ras >sever. I need to make sure that he can get in at any time and no one >else can take that port. The other ports are all local dialin numbers. >Just to clarify. I have a patton 2960/16 connected to a bit-robbed T1. >This allows us to have 16 concurrent dialup connections. But I only want >15 for general use, and the 16th for only the president. > > There is a NAS-Port-Id attribute. You'd have to check the authenticate packets that are arriving from your RAS to see if that contains 3 for port 3. If it does you can add a line to your users file: DEFAULT Nas-Port-Id == 3, User-Name != presidentlogin, Auth-Type := Reject That should reject anyone else but the president who tries to login on port 3. Hope that helps, Keith Yoder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
