Freeradius can do this, I believe (please correct me if I'm wrong, List).<br><br>However, you might want to consider firewalling those certain addresses on your radius server so authentication/accounting packets never reach your existing radius server daemon. Look into iptables, it should be fairly easy to do. It'd also save what is probably an unnecassary change of software for your purposes!
<br><br>Hope this helps,<br><br>Jan<br><br><div><span class="gmail_quote">On 21/12/06, <b class="gmail_sendername">Gene Mosley</b> <<a href="mailto:freeradius@mosleyfamily.org">freeradius@mosleyfamily.org</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">
<div>I am currently running RADIUS under AIX (the AIX version of RADIUS) and having a problem.<br><br>It appears that the AIX RADIUS cannot be configured to work around this problem.<br><br>I was wondering if switching to FreeRADIUS would help?
<br><br><br><br>The problem is this:<br><br>Users are authenticating from systems that they should not be authenticating from - we need to block authentication on a per system (IP address) basis, not a per user basis.<br>
<br>Users should be allowed to authenticate from any system that they are using _except_ a certain, specific list of IP addresses which would basically be banned/blocked from authenticating.<br><br>Is this something that FreeRADIUS can do?
<br><br><br>I just started reading about it - and if nothing else it looks like exec-program-wait might be used to test
the IP address and return an authentication failure?<br><br><br><br><br><br></div></div></div>
<br>-<br>List info/subscribe/unsubscribe? See <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br><br>
</blockquote></div><br>