---------- Forwarded Message ----------
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from [Japheth
Cleaver <[EMAIL PROTECTED]>]
Date: Fri, 8 Mar 2002 21:58:58 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Fri, 08 Mar 2002 21:28:59 -0800
To: [EMAIL PROTECTED]
From: Japheth Cleaver <[EMAIL PROTECTED]>
Subject: Re: (RADIATOR) Restricting login by NAS
At 02:57 PM 3/9/2002 +1100, Barry Andersson wrote:
>Hi,
>
>Can anyone help with the Check Item Perl expression to enable us to
>ensure that certain users cannot login via particular NAS?
>
>That is, we want some users to be able to dial in via any NAS except
>aaa.bbb.ccc.ddd and www.xxx.yyy.zzz .
>
>Barry Andersson
Hello,
I wrote a simple check script a while ago to prevent logins on a specific
phone number, but the same principle can be applied to the NAS identifier.
Just change "Called-Station-Id" to "NAS-IP-Address" and replace the phone
numbers with the evil IP addresses. Should work.
Japheth Cleaver
[EMAIL PROTECTED]
------------------------------------
"Lack of documentation promotes job stability."
---- BEGIN SCRIPT
#!/usr/bin/perl
use strict;
use warnings;
# This script will examine the incoming packet (given to us on STDIN) and
# search for the number the user has called in on (if supplied). If it
# finds it, it searches for that number in our "list of bad numbers". If
# the number is in there, it sends a "reject" message back to Radiator
# (exit 1) along with a message for the NAS to display to the user (which
# Microsoft dutifully ignores.)
# If the number is not in the bad numbers list, it will send an "Ignore"
# message to Radiator (exit 2), which will cause Radiator to move on to the
# next authentication method.
# If the number they're dialing in on isn't supplied, it sends Radiator
# an "Ignore" message and Radiator continues on.
# - Japheth Cleaver - [EMAIL PROTECTED]
#
# Enter the phone numbers to reject below, one per line
my $badNumbers = qq!
6198531212
6198675309
!;
# This is the message to be displayed back.
my $replyMsg = "Please call us at (800) xxx-xxxx to get a new number.";
##############################################
# Begin Code
##############################################
my $badNumberReplyMsg = qq!\tReply-Message = "$replyMsg"\n!;
# @stdin=<STDIN>;
foreach (<STDIN>) {
    if (/Called-Station-Id/) {
        # Remove everything up to the opening quote, then the closing
        # quote and whatever follows it, including the newline
        s/^.*=\s*"//; s/".*//s;
        # Search in bad number list. \Q...\E makes the supplied value match
        # literally instead of being run as a regex, and the length check
        # stops an empty value from matching the blank first line.
        if (length($_) && $badNumbers =~ /^\Q$_\E$/m) {
            # Send "reject"
            print $badNumberReplyMsg;
            exit 1;
        } else {
            # Send "ignore"
            exit 2;
        }
    }
}
# No Called-Station-Id in the packet: send "ignore" as described above
# (falling off the end would exit 0 instead)
exit 2;
----END SCRIPT
-------------------------------------------------------
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
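
The per-user case from the original question (only certain users barred from particular NASes), as an added example that is not part of the thread and not Radiator's own code. It reuses the exit codes the script above describes (1 = reject, 2 = ignore); the user names, the RFC 5737 placeholder addresses, the case-insensitive user match and the `Name = value` input format with optional quotes are assumptions.

```perl
#!/usr/bin/perl
# Added example: per-user NAS deny list for an external check script.
# Assumes attributes arrive on STDIN one per line as  Name = "value"  or
# Name = value, and that exit 1 means reject and exit 2 means ignore.
use strict;
use warnings;

# Hypothetical policy: user name => NAS addresses that user may not use.
# The addresses are documentation placeholders (RFC 5737).
my %deniedNas = (
    'alice' => { '192.0.2.10' => 1, '198.51.100.20' => 1 },
    'bob'   => { '192.0.2.10' => 1 },
);
my $replyMsg = 'Login is not permitted from this access server.';

# Parse the attribute lines into a hash; the last value of a repeated
# attribute wins. Lines that do not look like "Name = value" are skipped.
sub parseAttrs {
    my %attr;
    for my $line (@_) {
        next unless $line =~ /^\s*([\w-]+)\s*=\s*"?(.*?)"?\s*$/;
        $attr{$1} = $2;
    }
    return %attr;
}

# Return 1 (reject) only on an exact user + NAS match, otherwise 2 (ignore).
# Hash lookups are used so request values are never interpreted as a regex.
sub decide {
    my %attr = parseAttrs(@_);
    # Assumption: user names are compared case-insensitively, so "Alice"
    # cannot sidestep an entry for "alice".
    my $user = lc($attr{'User-Name'} // '');
    my $nas  = $attr{'NAS-IP-Address'} // '';
    return 2 if $user eq '' || $nas eq '';
    return $deniedNas{$user} && $deniedNas{$user}{$nas} ? 1 : 2;
}

# Constructed sample request, used only when run by hand from a terminal.
my @sample = ("\tUser-Name = \"alice\"\n", "\tNAS-IP-Address = 192.0.2.10\n");

my $code = decide((-t STDIN) ? @sample : <STDIN>);
print qq!\tReply-Message = "$replyMsg"\n! if $code == 1;
exit $code;
```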