authentication by ip address
Christopher Carver
ccarver at pennswoods.net
Tue Nov 22 13:23:00 CET 2005
Mathias Dörr wrote:
>Hello,
>I have version 1.0.4 installed and trying know to make authorization/
>authentication by the remote ip address, instead of username and password.
>In the main distribution authorization/ authentication is based on username
>/password. Where is the starting point to get this implemented ?
>
>Many thanks
>Mathias
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
NAS-IP-Address or the user's actual Framed-IP-Address? In either case,
you could do it with huntgroups. Although if you are trying to do it
with Framed-IP-Address you might run into some problems getting this on
the auth request packet.
etc/huntgroups:
deniedIP NAS-IP-Address == 10.32.0.44
deniedIP NAS-IP-Address == 10.32.0.52
acceptedIP NAS-IP-Address == 192.168.0.33
acceptedIP NAS-IP-Address == 192.168.0.2
etc/users:
DEFAULT Huntgroup-Name == deniedIP, Auth-Type := Reject
DEFAULT Huntgroup-Name == acceptedIP, Auth-Type := Accept
The attribs you are creating the huntgroups with in etc/huntgroups must
be on the auth request packet as far as I know. This is a rather odd
request, so I'm wondering if I guessed your objective correctly.
-Chris Carver
More information about the Freeradius-Users
mailing list