Is there a simple way to restrict a user in the 'users' file to access only a specific ip addr/device?
Peter Nixon
listuser at peternixon.net
Tue Jan 16 10:28:35 CET 2007
Yep. Its called a firewall...
-Peter
On Tue 02 Jan 2007 20:39, Ellis, Scott 1 (N-Comptel Inc.) wrote:
> I am using PAM for auth-type in my users file. Is there a simple way to
> say that user 'x' can only login to IP addr 'y' and /or 'z'? I have
> groups of engrs, admins, and operators and need to discriminate who can
> access which device........
>
> Scott
>
> -----Original Message-----
> From: Ellis, Scott 1 (N-Comptel Inc.)
> Sent: Tuesday, January 02, 2007 11:40 AM
> To: 'FreeRadius users mailing list'
> Cc: Ellis, Scott 1 (N-Comptel Inc.)
> Subject: RE: How to restrict users /PAM to specific NAS devices??
>
> I have looked it over, but I am still not clear. I was thinking that I
> could use huntgroups to map devices to specific groups, but then I am
> not clear on how to restrict users ('users' file) to those groups. I
> know this has probably been done most everywhere in one form or another.
> Any examples that show the actual entries in the approp. files?
>
> Thanks,
> Scott
>
> -----Original Message-----
> From:
> freeradius-users-bounces+scott.1.ellis=lmco.com at lists.freeradius.org
> [mailto:freeradius-users-bounces+scott.1.ellis=lmco.com at lists.freeradius
> .org] On Behalf Of Alan DeKok
> Sent: Tuesday, January 02, 2007 9:43 AM
> To: FreeRadius users mailing list
> Subject: Re: How to restrict users /PAM to specific NAS devices??
>
> Ellis, Scott 1 (N-Comptel Inc.) wrote:
> > I am using PAM for Auth-Type.
> > I want to be able to either 1) restrict the devices the user has
> > access to (admins,operators, etc) by username and/or 2) preferably
> > carve into groups my network gear/NAS devices and then assign users to
>
> groups.
>
> See "man rlm_passwd". It's documentation describes how to create
> groups like this.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070116/3c3c81e2/attachment.pgp>
More information about the Freeradius-Users
mailing list