Hello Rob - The usual way to do this is with Identifiers in the Client clauses to group the devices, then use the Identifier either as an authentication check item, or for separate Handlers.
regards Hugh > On 26 Jun 2015, at 07:34, Patrick, Robert (CONTR) <[email protected]> > wrote: > > How best to restrict RADIUS and TACACS auth to a specific source device (NAS) > for a specific user? > > > > What is the best method to allow all users access all the time from any > source, except user X that is only to permitted access when authenticating > from device Y? > > > > Customer is looking to permit the humans to login with 2-factor tokens from > anywhere, and scripts with username/password to login from a specific source. > > > > Thanks! > > > > -Rob Patrick > > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine [email protected] Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
