Pete, On Sat, May 25, 2013 at 02:31:12PM -0600, Pete Ashdown wrote:
I'm trying to restrict a guest user from a single NAS-IP-Address via "users" and I can't get it to work.
Doesn't work:
test NAS-IP-Address == "127.0.0.1" Auth-Type := Accept
Try: test NAS-IP-Address == "127.0.0.1", Auth-Type := Accept The first line is matches against the incoming request packets, and setting things in the control list. The subsequent lines are entries for the reply packet. Auth-Type is a control item. This is documented in the users file - read it carefully and look at the examples, such as "deny access for a group of users". But for restricting users, I doubt you want "Accept"! :)
Also, how would I do this for a group of NAS IP addresses? Is it possible to assign them to a group in "clients.conf" that can be later checked against in "users"? Where is the documentation of what can be tested against in the "users" file?
Add entries in the huntgroups file: blockednaslist NAS-IP-Address == 127.0.0.1 blockednaslist NAS-IP-Address == 127.0.1.1 then use something like this in users: testuser Huntgroup-Name == "blockednaslist", Auth-Type := Reject Don't forget that NAS-IP-Address can be spoofed if you permit NASes not under your own control. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>