Hello Hugh, > On 02.03.17, 05:24 "Hugh Irvine" h...@open.com.au wrote: > Probably the simplest way to do this is with a PostSearchHook. maybe I understood you wrong, but I am not sure how this will help. I could do the IP address check in the hook, If I understood correctly, the RADIUS request will be passed to the hook. Two questions however remain:
In summary, the overall logic should look like this: User is authenticated against local fallback user store Permit User is member of VPN AD group and student AD group: If source-ip in range Permit else Deny endif User is member of OOB VPN group: Permit Else Deny Two questions: - I understand that the “if source-ip”… part can be done in the Post Search Hook. How would I return a value such that the request will be denied? - How can I check if a user is member of two groups and only then check the IP address? Thanks again and best regards Daniel _______________________________________________ radiator mailing list radiator@lists.open.com.au http://lists.open.com.au/mailman/listinfo/radiator