Logging from another PC

Liran Tal liran at enginx.com
Tue Jan 29 09:08:44 CET 2008


Hey,

On Jan 29, 2008 9:45 AM, <javkhlanbaatar at newcomsystems.mn> wrote:

> Hi,
>
> I have a question.
> When the user logs using own username and password into Radius server (ie,
> using 192.168.160.5), it is OK. When someone change IP address statically
> into logged IP (to 192.168.160.5), he can use the logged account. I mean
> he can use another one's account.


This is something that the NAS controls. FreeRADIUS only receives
authentication
requests upon which it can Accept or Reject the user. You might also want
to look at the Simultaneous-Use attribute.


> How can I block another PC? And I don't
> want the user logs often in one day.


You can set a check attribute for the Calling-Station-Id MAC Address and so
the user will be granted access only if he logs in from a specific machine.


> User must logs once in a day. That's
> why I don't want to put Idle-Timeout attribute.
>
>
Explain better please.


Regards,
Liran Tal.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080129/bcedb609/attachment.html>


More information about the Freeradius-Users mailing list