Alan, Could you perhaps give me a hint about how one would go about allowing any user from any system (_unless_ that system is listed for the specific purpose of not allowing anyone to authenticate from it) to authenticate?
----- Original Message ---- From: Alan DeKok <[EMAIL PROTECTED]> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Sent: Thursday, December 21, 2006 11:47:47 AM Subject: Re: Questions from a totally ignorant n00b Gene Mosley wrote: > Users are authenticating from systems that they should not be > authenticating from - we need to block authentication on a per system > (IP address) basis, not a per user basis. You can do this in FreeRADIUS. Put users into different groups, and block the group from accessing particular systems. > Users should be allowed to authenticate from any system that they are > using _except_ a certain, specific list of IP addresses which would > basically be banned/blocked from authenticating. This can be done, too. > Is this something that FreeRADIUS can do? Yes. > I just started reading about it - and if nothing else it looks like > exec-program-wait might be used to test the IP address and return an > authentication failure? That will work, too, but will be less efficient. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html