Questions from a totally ignorant n00b

Jan Mulders lastchancehotel at gmail.com
Thu Dec 21 20:46:44 CET 2006


Freeradius can do this, I believe (please correct me if I'm wrong, List).

However, you might want to consider firewalling those certain addresses on
your radius server so authentication/accounting packets never reach your
existing radius server daemon. Look into iptables, it should be fairly easy
to do. It'd also save what is probably an unnecassary change of software for
your purposes!

Hope this helps,

Jan

On 21/12/06, Gene Mosley <freeradius at mosleyfamily.org> wrote:
>
> I am currently running RADIUS under AIX (the AIX version of RADIUS) and
> having a problem.
>
> It appears that the AIX RADIUS cannot be configured to work around this
> problem.
>
> I was wondering if switching to FreeRADIUS would help?
>
>
>
> The problem is this:
>
> Users are authenticating from systems that they should not be
> authenticating from - we need to block authentication on a per system (IP
> address) basis, not a per user basis.
>
> Users should be allowed to authenticate from any system that they are
> using _except_ a certain, specific list of IP addresses which would
> basically be banned/blocked from authenticating.
>
> Is this something that FreeRADIUS can do?
>
>
> I just started reading about it - and if nothing else it looks like
> exec-program-wait might be used to test the IP address and return an
> authentication failure?
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061221/96d5e300/attachment.html>


More information about the Freeradius-Users mailing list