access only particular website through RADIUS
dear Friends. I am a very new user of RADIUS. how can I configure this RADIUS for a particular USER,such as when that USER login with RADIUS,then that user only get PERMIT to access a fixed WEBSITE only,the rest others will b BLOCKED for that particular USER. Can I do that with this RADIUS server?
Others may correct me but I believe that this is not the role of the RADIUS server. To actually do this kind of "filtering" you need to use other technologies such as proxies or captive portal (see chillispot). Regards, Liran. On 8/26/07, zamshed <zamshed.email@gmail.com> wrote:
dear Friends. I am a very new user of RADIUS. how can I configure this RADIUS for a particular USER,such as when that USER login with RADIUS,then that user only get PERMIT to access a fixed WEBSITE only,the rest others will b BLOCKED for that particular USER. Can I do that with this RADIUS server?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
liran tal wrote:
Others may correct me but I believe that this is not the role of the RADIUS server. To actually do this kind of "filtering" you need to use other technologies such as proxies or captive portal (see chillispot). Yep for the most part your correct. However, some specific NAS vendors like HP, have included Access Control List features setable using VSAs (Vendor specific attributes). But these are usually only available on the prohibitively expensive switches.
Firewall, proxy server,or captive portal is the way to go with this one... Though if you want proper 802.1x authentication , then it's firewall/proxy server only.
Regards, Liran.
On 8/26/07, *zamshed* <zamshed.email@gmail.com <mailto:zamshed.email@gmail.com>> wrote:
dear Friends. I am a very new user of RADIUS. how can I configure this RADIUS for a particular USER,such as when that USER login with RADIUS,then that user only get PERMIT to access a fixed WEBSITE only,the rest others will b BLOCKED for that particular USER. Can I do that with this RADIUS server?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 8/26/07, Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk> wrote:
liran tal wrote:
Others may correct me but I believe that this is not the role of the RADIUS server. To actually do this kind of "filtering" you need to use other technologies such as proxies or captive portal (see chillispot). Yep for the most part your correct. However, some specific NAS vendors like HP, have included Access Control List features setable using VSAs (Vendor specific attributes). But these are usually only available on the prohibitively expensive switches.
Firewall, proxy server,or captive portal is the way to go with this one... Though if you want proper 802.1x authentication , then it's firewall/proxy server only.
Regards, Liran.
For an example of how to do this with Apache, you can see this page. You may not want two-factor authentication, but the idea is the same. Note that there have been problems reported using a version of Apache later than 2.2.2. http://www.wikidsystems.com/documentation/howtos/how-to-add-two-factor-authe... HTH, Nick
On 8/26/07, *zamshed* <zamshed.email@gmail.com <mailto:zamshed.email@gmail.com>> wrote:
dear Friends. I am a very new user of RADIUS. how can I configure this RADIUS for a particular USER,such as when that USER login with RADIUS,then that user only get PERMIT to access a fixed WEBSITE only,the rest others will b BLOCKED for that particular USER. Can I do that with this RADIUS server?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication
Hello, We do this kind of stuff for our users. When our users run out of credit, instead of rejecting them, we return a different ip-pool to the user(ex: 10.10.X.X)
From that ip-pool, users can only access our ticketing system, payment gateways and such.(ex: from 10.10.X.X users can access few ip addresses) After making payment, they reconnect and get a normal ip address which they have full access to everything. Cheers Parham
-----Original Message----- From: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of Nick Owen Sent: Monday, August 27, 2007 2:49 AM To: FreeRadius users mailing list Subject: Re: access only particular website through RADIUS On 8/26/07, Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk> wrote:
liran tal wrote:
Others may correct me but I believe that this is not the role of the RADIUS server. To actually do this kind of "filtering" you need to use other technologies such as proxies or captive portal (see chillispot). Yep for the most part your correct. However, some specific NAS vendors like HP, have included Access Control List features setable using VSAs (Vendor specific attributes). But these are usually only available on the prohibitively expensive switches.
Firewall, proxy server,or captive portal is the way to go with this one... Though if you want proper 802.1x authentication , then it's firewall/proxy server only.
Regards, Liran.
For an example of how to do this with Apache, you can see this page. You may not want two-factor authentication, but the idea is the same. Note that there have been problems reported using a version of Apache later than 2.2.2. http://www.wikidsystems.com/documentation/howtos/how-to-add-two-factor-a uthentication-to-apache/ HTH, Nick
On 8/26/07, *zamshed* <zamshed.email@gmail.com <mailto:zamshed.email@gmail.com>> wrote:
dear Friends. I am a very new user of RADIUS. how can I configure this RADIUS for a particular USER,such as when that USER login with RADIUS,then that user only get PERMIT to access
a
fixed WEBSITE only,the rest others will b BLOCKED for that particular
USER.
Can I do that with this RADIUS server?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (6)
-
Arran Cudbard-Bell -
liran tal -
Nick Owen -
Parham Beheshti -
Santiago Balaguer García -
zamshed