I am currently running RADIUS under AIX (the AIX version of RADIUS) and having a problem.
It appears that the AIX RADIUS cannot be configured to work around this problem.
I was wondering if switching to FreeRADIUS would help?
The problem is this:
Users are authenticating from systems that they should not be authenticating from - we need to block authentication on a per system (IP address) basis, not a per user basis.
Users should be allowed to authenticate from any system that they are using _except_ a certain, specific list of IP addresses which would basically be banned/blocked from authenticating.
Is this something that FreeRADIUS can do?
I just started reading about it - and if nothing else it looks like exec-program-wait might be used to test
the IP address and return an authentication failure?