Restricting access to NAS via http login authentication list

2010-05-19 Thread Peter Carlstedt 

Hello, 
Didnt really know what kind of title I should have given this one but I will 
try to explain what it is I am aiming for.
The switches I use supports both http and https login towards the switch to 
administrate it.
The switch has support for using an athentication towards a radius server to 
check if the user wanting to login to the switch is a existing user in the 
radius server.
The problem I have is that every user in the user file in Freeradius can access 
the switch when im using an authentication list which checks against the radius 
server. Is there anyway to restrict so that only one specific user in the users 
file can get access to the NAS?


Best regards/ Peter Carlstedt
  
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Restricting access to NAS via http login authentication list

2010-05-19 Thread Maciej Drobniuch 
i think that only the NAS has the power to decide it. RADIUS sends
only the accounts

2010/5/19 Peter Carlstedt pc_...@hotmail.com:
 Hello,
 Didnt really know what kind of title I should have given this one but I will
 try to explain what it is I am aiming for.
 The switches I use supports both http and https login towards the switch to
 administrate it.
 The switch has support for using an athentication towards a radius server to
 check if the user wanting to login to the switch is a existing user in the
 radius server.
 The problem I have is that every user in the user file in Freeradius can
 access the switch when im using an authentication list which checks against
 the radius server. Is there anyway to restrict so that only one specific
 user in the users file can get access to the NAS?


 Best regards/ Peter Carlstedt

 
 Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up
 now.
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Pozdrawiam!
Maciej Drobniuch

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Restricting access to NAS via http login authentication list

2010-05-19 Thread Alan DeKok 
Peter Carlstedt wrote:
 The problem I have is that every user in the user file in Freeradius can
 access the switch when im using an authentication list which checks
 against the radius server. Is there anyway to restrict so that only one
 specific user in the users file can get access to the NAS?

  What is different between an administrator request, and a normal user
request?

  i.e. look at the contents of the Access-Request.  Odds are that
they're different.

  Then...

if (... looks like admin) {
check against admin login
}
else (... looks like normal user ...) {
check against normal user login
}

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html