Alan,
Thank you very much for the information.
What I am looking for is to allow a user ("bob") to authenticate from any system he uses UNLESS that system is blocked from authenticating.
I mean "bob" could authenticate from "server1" but not from "server2" - restricting it (somehow) by the IP address of the source - not by the user account.
Nobody could authenticate from "server2" - anyone could authenticate from "server1" (with valid credentials).
It seems that AIX RADIUS cannot do this - can FreeRADIUS?
Someone else suggested using IPTables to not allow "server2" to talk to the RADIUS
server - but I thought that the communication was from the firewall to the RADIUS server, not from the user system (although I will be looking into this).
Anyway - to recap/summarize:
Can FreeRADIUS be configured to allow/disallow authentication based on the source IP address that the user is coming from and NOT the user account itself (allowing "bob" to authenticate from "server1" which is not 'banned', but not allowing "bob" to authenticate from "server2" which is 'banned')?
And, if so - how?
----- Original Message ----
From: Alan DeKok <aland@deployingradius.com>
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Sent: Thursday, December 21, 2006 12:48:50 PM
Subject: Re: Questions from a totally ignorant n00b