Restricting Subnet Access

2003-12-04 Thread Frank Everitt
Hi ...
	I'm new to this list as well as freeradius. I've installed 0.9.3 and 
have been trying to figure out how to restrict access to various framed 
networks. I was led to believe that freeradius was capable of doing 
this but I haven't found anything about this capability in the docs nor 
scripts. In a nutshell, this is what I would like to do.
A. Enable the radius server to accept all NAS requests from certain 
subnets (e.g. 192.168.1.0/26, 192.168.1.128/26) and reject all of the 
others.

	Any insight would be greatly appreciated.

Thanks in advance

Frank

  | | Frank Everitt
  | | Systems Administrator
:|||: :|||:   7025 Kit Creek Rd.
   :|:   :|:  RTP, NC 27709
..:|||:.:|||: Ph. (919) 392-8885
  FAX. (603) 288-3074
CISCO SYSTEMS Cell: (919) 624-6098

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Restricting Subnet Access

2003-12-04 Thread Alan DeKok
Frank Everitt [EMAIL PROTECTED] wrote:
> I'm new to this list as well as freeradius. I've installed 0.9.3 and 
> have been trying to figure out how to restrict access to various framed 
> networks. I was led to believe that freeradius was capable of doing 
> this but I haven't found anything about this capability in the docs nor 
> scripts.

  Read raddb/clients.conf, there's an example of using CIDR notation
for clients.

  Alan DeKok.



Re: Restricting Subnet Access

2003-12-04 Thread Chris Parker
At 01:14 PM 12/4/2003, Frank Everitt wrote:
> Hi ...
> I'm new to this list as well as freeradius. I've installed 0.9.3 
> and have been trying to figure out how to restrict access to various 
> framed networks. I was led to believe that freeradius was capable of 
> doing this but I haven't found anything about this capability in the docs 
> nor scripts. In a nutshell, this is what I would like to do.
> A. Enable the radius server to accept all 
> NAS requests from certain subnets (e.g. 192.168.1.0/26, 192.168.1.128/26) 
> and reject all of the others.
>
> Any insight would be greatly appreciated.

If the server isn't configured with an explicit client configuration, it
won't respond to the request.

If you instead are trying to get it to send an immediate auth-reject to
certain NAS, then you could create a 'Huntgroups' configuration to place
the NAS you want to reject in a named Huntgroup.

Then put something similar to the following in your 'users' config:

DEFAULT  Huntgroup == BADNAS, Auth-Type := Reject
	Fall-Through = No

If what you are trying to do is neither of the above, please clarify
what you want to do.
-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




Re: Restricting Subnet Access

2003-12-04 Thread Chris Brotsos
At 01:14 PM 12/4/2003, you wrote:
> Hi ...
> I'm new to this list as well as freeradius. I've installed 0.9.3 
> and have been trying to figure out how to restrict access to various 
> framed networks. I was led to believe that freeradius was capable of 
> doing this but I haven't found anything about this capability in the docs 
> nor scripts. In a nutshell, this is what I would like to do.
> A. Enable the radius server to accept all 
> NAS requests from certain subnets (e.g. 192.168.1.0/26, 192.168.1.128/26) 
> and reject all of the others.
>
> Any insight would be greatly appreciated.


From /path/to/src/radiusd/raddb/clients.conf:

#  You can now specify one secret for a network of clients.
#  When a client request comes in, the BEST match is chosen.
#  i.e. The entry from the smallest possible network.
#
#client 192.168.0.0/24 {
#   secret  = testing123-1
#   shortname   = private-network-1
#}
#
#client 192.168.0.0/16 {
#   secret  = testing123-2
#   shortname   = private-network-2
#}

So, list your networks and no other clients. FreeRADIUS will only accept 
requests from the clients listed in clients.conf.

HTH,

Chris 
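
Added example, not part of the original thread and not FreeRADIUS code: a small Python model of the client lookup described in the clients.conf comments above (the smallest matching network wins, and a source with no entry gets no response). The shortnames nas-block-a and nas-block-b are hypothetical; the second table shows how adding the broad sample /16 entry would let addresses outside the two /26 networks match a client again.

```python
import ipaddress

# Constructed tables. RESTRICTED holds only the two subnets from the question
# (shortnames are hypothetical). WITH_BROAD adds the overlapping sample
# entries quoted from clients.conf.
RESTRICTED = [
    ("192.168.1.0/26", "nas-block-a"),
    ("192.168.1.128/26", "nas-block-b"),
]
WITH_BROAD = RESTRICTED + [
    ("192.168.0.0/24", "private-network-1"),
    ("192.168.0.0/16", "private-network-2"),
]


def parse_clients(entries):
    """Turn (cidr, shortname) pairs into (network, shortname) pairs.
    strict=True rejects entries with host bits set, e.g. 192.168.1.5/26."""
    return [(ipaddress.ip_network(cidr, strict=True), name)
            for cidr, name in entries]


def match_client(entries, source_ip):
    """Return the shortname of the most specific network containing
    source_ip, or None when no entry matches (request goes unanswered)."""
    addr = ipaddress.ip_address(source_ip)
    best = None
    for network, name in parse_clients(entries):
        if addr.version != network.version or addr not in network:
            continue
        if best is None or network.prefixlen > best[0].prefixlen:
            best = (network, name)
    return best[1] if best else None


def audit(entries, sources):
    """Map each source address to the client entry it would match."""
    return {ip: match_client(entries, ip) for ip in sources}


if __name__ == "__main__":
    probes = ["192.168.1.10", "192.168.1.130", "192.168.1.70", "10.0.0.1"]
    for label, table in (("restricted", RESTRICTED), ("with /16", WITH_BROAD)):
        for ip, client in audit(table, probes).items():
            print(f"{label:10} {ip:15} -> {client or 'no client entry'}")
```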


