<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">Alan,<br><span> I read the FAQ section which you posted (<a target="_blank" href="http://wiki.freeradius.org/index.php/FAQ#How_do_I_deny_access_to_a_specific_user.2C_or_group_of_users.3F">http://wiki.freeradius.org/index.php/FAQ#How_do_I_deny_access_to_a_specific_user.2C_or_group_of_users.3F</a>).</span><br> It talks about denying access to a specific user, or a group of users - which is not what I need.<br><br> I need to deny access to specific IP addresses - not specific users.<br><br> Anyone from any IP address should be able to authenticate (which is the default) - but nobody should be able to authenticate from specific IP addresses.<br><br>
If I have servers:<br> 10.11.12.1<br> 10.11.12.2<br> 10.11.12.3<br> 10.11.12.4<br><br> Then Bob should be able to authenticate from all of them - UNLESS for some reason I wanted to block authentication from 10.11.12.4 - then what would I need to do in order to make it so that anyone trying to authenticate from 10.11.12.4 would be rejected (again, based on the IP address, not their user name or group)?<br><br><br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Original Message ----<br>From: Alan DeKok <aland@deployingradius.com><br>To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org><br>Sent: Thursday, December 21, 2006 3:22:12 PM<br>Subject: Re: Questions from a totally ignorant n00b<br><br><div>Gene Mosley wrote:<br>><br>>
What I am looking for is to allow a user ("bob") to authenticate<br>> from any system he uses UNLESS that system is blocked from authenticating.<br><br> Perhaps you could try reading the FAQ entry I pointed to earlier. It<br>tells you how to do exactly that.<br><br>> It seems that AIX RADIUS cannot do this - can FreeRADIUS?<br><br> Have you been reading my responses?<br><br>> Can FreeRADIUS be configured to allow/disallow authentication based<br>> on the source IP address that the user is coming from and NOT the user<br>> account itself (allowing "bob" to authenticate from "server1" which is<br>> not 'banned', but not allowing "bob" to authenticate from "server2"<br>> which is 'banned')?<br>> And, if so - how?<br><br> Go read my messages, and the FAQ entry I posted?<br><br> Alan DeKok.<br>--<br> <a target="_blank"
href="http://deployingradius.com">http://deployingradius.com</a> - The web site of the book<br> <a target="_blank" href="http://deployingradius.com/blog/">http://deployingradius.com/blog/</a> - The blog<br>- <br>List info/subscribe/unsubscribe? See <a target="_blank" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br></div></div><br></div></div></body></html>