Hello Hugh,
> On 02.03.17, 05:24 "Hugh Irvine" h...@open.com.au wrote:
> Probably the simplest way to do this is with a PostSearchHook.
maybe I understood you wrong, but I am not sure how this will help. I could do
the IP address check in the hook, If I understood correctly, the RADIUS request
will be passed to the hook. Two questions however remain:
In summary, the overall logic should look like this:
User is authenticated against local fallback user store
Permit
User is member of VPN AD group and student AD group:
If source-ip in range
Permit
else
Deny
endif
User is member of OOB VPN group:
Permit
Else
Deny
Two questions:
- I understand that the “if source-ip”… part can be done in the Post Search
Hook. How would I return a value such that the request will be denied?
- How can I check if a user is member of two groups and only then check the IP
address?
Thanks again and best regards
Daniel
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator
