Questions from a totally ignorant n00b

Gene Mosley freeradius at mosleyfamily.org
Tue Dec 26 18:51:16 CET 2006 

Alan,
    I read the FAQ section which you posted (http://wiki.freeradius.org/index.php/FAQ#How_do_I_deny_access_to_a_specific_user.2C_or_group_of_users.3F).
    It talks about denying access to a specific user, or a group of users - which is not what I need.

    I need to deny access to specific IP addresses - not specific users.

    Anyone from any IP address should be able to authenticate (which is the default) - but nobody should be able to authenticate from specific IP addresses.

    If I have servers:
        10.11.12.1
        10.11.12.2
        10.11.12.3
        10.11.12.4

    Then Bob should be able to authenticate from all of them - UNLESS for some reason I wanted to block authentication from 10.11.12.4 - then what would I need to do in order to make it so that anyone trying to authenticate from 10.11.12.4 would be rejected (again, based on the IP address, not their user name or group)?



----- Original Message ----
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Thursday, December 21, 2006 3:22:12 PM
Subject: Re: Questions from a totally ignorant n00b

Gene Mosley wrote:
>
>     What I am looking for is to allow a user ("bob") to authenticate
> from any system he uses UNLESS that system is blocked from authenticating.

  Perhaps you could try reading the FAQ entry I pointed to earlier.  It
tells you how to do exactly that.

>     It seems that AIX RADIUS cannot do this - can FreeRADIUS?

  Have you been reading my responses?

>     Can FreeRADIUS be configured to allow/disallow authentication based
> on the source IP address that the user is coming from and NOT the user
> account itself (allowing "bob" to authenticate from "server1" which is
> not 'banned', but not allowing "bob" to authenticate from "server2"
> which is 'banned')?
>     And, if so - how?

  Go read my messages, and the FAQ entry I posted?

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061226/ff37ef5c/attachment.html>

More information about the Freeradius-Users mailing list