can policy.conf be used to create an access control list

michael lamborn spock41757 at yahoo.com
Fri May 6 09:14:51 CEST 2011


Hi,

I am using version freeRadius 1.1.7.  I am trying to create an access control 
list via radius, to prevent specific PC's/locations from accessing my network.  


Please see my policy.conf example below.  My freeRadius server keeps sending an 
access-accept, when I try to login in from my office as a test, which has the IP 
address 10.2.222.35.  


I don't understand why the server is allowing the login.  It seems logical to me 
the way that I have approached an implementation, but I can't find any specific 
info from the wiki or in internet searches.  So I am not sure if I am still 
misconfigured or if it just doesn't work for some other reason.

Thanks,
Mike

In policy.conf, I have the following, but it doesn't have any affect ( I do have
'$INCLUDE ${confdir}/policy.conf' in my radiusd.conf file):

policy {
   forbid_login_ip_hosts {
      %{request:Login-IP-Host} =~ /^10.2./ {
         reject
      }
   }
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110506/271de865/attachment.html>


More information about the Freeradius-Users mailing list