Hi All

> Sorry for the incomplete mail. I have a mail server and a couple of 
> application servers inside my network. The RAS and VPN user ID and 
> passwords are the same. I want to restrict the user, once he is connected 
> to VPN, to only use the mail and only one application server. Rest of 
> the network must be denied to the user.

  One, you completely ignored my answer:

> >What resources, and how will you recognize the two classes of users?
> >Answer those two questions via RADIUS attributes, and you have what
> >you want.

  Two, now that you've explained it in a little more detail, what you
want is *routing* or *firewall* restrictions.  I suggest reading the
documentation for your router/firewall to see how they implement it.

I understand that this can be done using RADIUS attributes using
Framed-Filter-Id. Here are my configs.
Huntgroups File:
===============
ras             NAS-IP-Address == 100.200.300.400
ras             NAS-IP-Address == 10.10.1.2
                User-Name = mahesh
                User-Name = kudva

Users File:
============
mahesh             User-Password == "kudva", Huntgroup-Name == "ras"
                   Service-Type = Framed-User,
                   Framed-Protocol = PPP
                   Framed-Filter-Id == "std.in"

std.in file:
============
deny ip 10.10.1.3


Is there a specific syntax for the file? Also, wireless clients inside the 
organization will have to be authorized in a similar fashion. 


Regards & Thanks
================
Mahesh S Kudva



-------------------------------------------------------
Robosoft Technologies - Partners in Product Development



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
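
An added example, not part of the original message or of FreeRADIUS itself: a small syntax check for the reply lines of a users-file entry, run over the entry posted above. It assumes the users(5) conventions that reply items are comma-separated with no comma after the last one and that comparison operators such as `==` are check-item only; the function name `lint_reply_items` and the corrected entry are constructed for illustration.

```python
import re

# Operators users(5) permits on reply items; comparisons such as == are check-only.
REPLY_OPS = {"=", ":=", "+="}
ITEM = re.compile(r'^([A-Za-z0-9-]+)\s*(==|:=|\+=|!=|>=|<=|=~|!~|=|>|<)\s*(.+)$')

def lint_reply_items(entry: str) -> list[str]:
    """Return the problems found in the indented reply lines of one users entry."""
    lines = [l for l in entry.splitlines() if l.strip()]
    # The first line holds the user name and check items; indented lines are replies.
    reply = [l.strip() for l in lines[1:] if l[0] in " \t"]
    problems = []
    for i, line in enumerate(reply):
        last = i == len(reply) - 1
        has_comma = line.endswith(",")
        m = ITEM.match(line.rstrip(",").strip())
        if not m:
            problems.append(f"unparsable reply item: {line}")
            continue
        attr, op = m.group(1), m.group(2)
        if op not in REPLY_OPS:
            problems.append(f"{attr}: operator {op} is not valid in a reply item")
        if not last and not has_comma:
            problems.append(f"{attr}: missing comma before next reply item")
        if last and has_comma:
            problems.append(f"{attr}: trailing comma on last reply item")
    return problems

# Entry as posted in the message above.
POSTED = '''
mahesh             User-Password == "kudva", Huntgroup-Name == "ras"
                   Service-Type = Framed-User,
                   Framed-Protocol = PPP
                   Framed-Filter-Id == "std.in"
'''

# Constructed corrected form of the same entry.
FIXED = '''
mahesh             User-Password == "kudva", Huntgroup-Name == "ras"
                   Service-Type = Framed-User,
                   Framed-Protocol = PPP,
                   Framed-Filter-Id = "std.in"
'''

if __name__ == "__main__":
    for name, entry in (("posted", POSTED), ("fixed", FIXED)):
        print(name, lint_reply_items(entry) or "no problems")
```

The check covers users-file syntax only; per RFC 2865 the Filter-Id value is just the name of a filter, which the NAS has to have defined.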
