is it possible to only allow users with a valid host ip?

classic Classic list List threaded Threaded
4 messages Options
| Threaded
Open this post in threaded view
|

is it possible to only allow users with a valid host ip?

gvdgiessen
Hi,

I wonder if I can restrict (vpn)login from users in combination with
their login (host) ip address.

cheers, Geer
--
 
  [hidden email]

--
http://www.fastmail.fm - And now for something completely differentÂ…


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: is it possible to only allow users with a valid host ip?

Paul "TBBle" Hampson
On Thu, Jun 09, 2005 at 06:19:28AM -0700, [hidden email] wrote:
> Hi,

> I wonder if I can restrict (vpn)login from users in combination with
> their login (host) ip address.

If you mean their source address, that would depend on how your VPN
endpoint gives that information to FreeRADIUS. If it's sensible and
uses the Calling-Station-ID attribute, then you can use that.

--
Paul "TBBle" Hampson, on an alternate email client.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: is it possible to only allow users with a valid host ip?

Marcin M. Jessa-2

You can add an extra field in SQL with Calling-Station-ID attribute for a user and make radius check that when it receives a request.


On Fri, 10 Jun 2005 15:28:46 +1000
[hidden email] (Paul Hampson) wrote:

> On Thu, Jun 09, 2005 at 06:19:28AM -0700, [hidden email] wrote:
> > Hi,
>
> > I wonder if I can restrict (vpn)login from users in combination with
> > their login (host) ip address.
>
> If you mean their source address, that would depend on how your VPN
> endpoint gives that information to FreeRADIUS. If it's sensible and
> uses the Calling-Station-ID attribute, then you can use that.
>
> --
> Paul "TBBle" Hampson, on an alternate email client.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: is it possible to only allow users with a valid host ip?

gvdgiessen
In reply to this post by Paul "TBBle" Hampson
> If you mean their source address, that would depend on how your VPN
> endpoint gives that information to FreeRADIUS. If it's sensible and
> uses the Calling-Station-ID attribute, then you can use that.
>

Ah great! That is exactly what I need!

cheers, Geert.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html