Re: Questions from a totally ignorant n00b

This is a discussion on Re: Questions from a totally ignorant n00b within the FreeRADIUS Users forums, part of the Networking and Network Related category.


12-21-2006
Jan Mulders
 
Freeradius can do this, I believe (please correct me if I'm wrong, List).

However, you might want to consider firewalling those certain addresses on
your radius server so authentication/accounting packets never reach your
existing radius server daemon. Look into iptables, it should be fairly easy
to do. It'd also save what is probably an unnecessary change of software for
your purposes!

Hope this helps,

Jan

On 21/12/06, Gene Mosley <freeradius@mosleyfamily.org> wrote:
>
> I am currently running RADIUS under AIX (the AIX version of RADIUS) and
> having a problem.
>
> It appears that the AIX RADIUS cannot be configured to work around this
> problem.
>
> I was wondering if switching to FreeRADIUS would help?
>
>
>
> The problem is this:
>
> Users are authenticating from systems that they should not be
> authenticating from - we need to block authentication on a per system (IP
> address) basis, not a per user basis.
>
> Users should be allowed to authenticate from any system that they are
> using _except_ a certain, specific list of IP addresses which would
> basically be banned/blocked from authenticating.
>
> Is this something that FreeRADIUS can do?
>
>
> I just started reading about it - and if nothing else it looks like
> exec-program-wait might be used to test the IP address and return an
> authentication failure?
>
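
The firewalling approach suggested in the reply, as an added example that is not part of the original posts: a shell function that turns a blocklist into iptables commands dropping RADIUS traffic from those sources. It assumes a Linux host with iptables, the standard RADIUS ports (UDP 1812 and 1813), a hypothetical chain name `RADIUS_BLOCK` and constructed addresses; iptables matches the packet's source address, so the banned systems must be the hosts that send the RADIUS requests.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux host with iptables and the
# standard RADIUS ports: UDP 1812 (authentication) and 1813 (accounting).
CHAIN=RADIUS_BLOCK          # hypothetical chain name
PORTS=1812,1813

# is_ipv4 ADDR: succeed only for a dotted quad whose four octets are 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots (input holds digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules: read a blocklist on stdin (one address per line, '#' comments)
# and print the iptables commands; invalid entries are reported on stderr.
gen_rules() {
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$CHAIN" "$CHAIN"
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            printf 'iptables -A %s -s %s -j DROP\n' "$CHAIN" "$addr"
        else
            printf 'skipped invalid entry: %s\n' "$addr" >&2
        fi
    done
    # Send only RADIUS traffic through the chain; -C avoids a duplicate jump.
    rule="INPUT -p udp -m multiport --dports $PORTS -j $CHAIN"
    printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$rule" "$rule"
}

# Constructed blocklist (RFC 5737 documentation addresses).
sample_blocklist() {
    cat <<'EOF'
# hosts that must not authenticate
192.0.2.10
192.0.2.77   # lab machine
192.0.2.999
EOF
}

sample_blocklist | gen_rules
```

Review the printed commands, then pipe them to `sh` as root to apply them; re-running flushes and rebuilds the chain, so the blocklist file stays the single source of truth.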

