Questions from a totally ignorant n00b
Alan DeKok
aland at deployingradius.com
Thu Dec 21 20:47:47 CET 2006
Gene Mosley wrote:
> Users are authenticating from systems that they should not be
> authenticating from - we need to block authentication on a per system
> (IP address) basis, not a per user basis.
You can do this in FreeRADIUS. Put users into different groups, and
block the group from accessing particular systems.
> Users should be allowed to authenticate from any system that they are
> using _except_ a certain, specific list of IP addresses which would
> basically be banned/blocked from authenticating.
This can be done, too.
> Is this something that FreeRADIUS can do?
Yes.
> I just started reading about it - and if nothing else it looks like
> exec-program-wait might be used to test the IP address and return an
> authentication failure?
That will work, too, but will be less efficient.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list