Wouldnt that be a bad idea if the connecting guy sets your web server IP
address in his xp? or even worse some IP where he can collect all the
passwords of your users?
Perhaps you can use Framed-IP-Address = 192.168.40.126 ? If the XP
requests an IP then it would be in the check list so (I am not sure but)
radius wouldnt send the Framed-IP-Address attribute back to server
perhaps?
Attribute = Value
Not allowed as a check item.
As a reply item, it means "add the item to the reply
list, but only if there is no other item of the same
attribute."
Evren
On Tue, 3 Dec 2002, Andrew Grimmett wrote:
>
>
> When authentication occurs when dialing through a Cisco Router, and the
> Framed-IP-Address is assigned, the client (Windows XP)is rejecting the
> connection if it has been set for a static IP address. Is there away to
> allow static IP addresses to connect while there account is still set
> with a Framed-IP-Address, so they could use a Static IP address or an IP
> address assigned from the radius.
>
> Here is my current configuration Running on Freeradius 0.7.1.
>
> agrimmett NAS-IP-Address == 192.168.2.175, Auth-Type := System
> Framed-Protocol = PPP,
> Framed-IP-Address := 192.168.40.126,
> Ascend-Client-Primary-DNS = 192.168.4.52,
> Ascend-Client-Secondary-DNS = 192.168.50.52,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Idle-Timeout = 0,
> Framed-MTU = 1500,
> Fall-Through = Yes
>
> I noticed also in Release 0.8's change log that it now has a post_auth
> section, how do you define that, or where can I locate a doc/example of
> the configuration.
>
>
>
> Thanks
> Andrew Grimmett
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
