[RADIATOR] Restricting login access by source device
Hugh Irvine
hugh at open.com.au
Thu Jun 25 19:06:37 CDT 2015
Hello Rob -
The usual way to do this is with Identifiers in the Client clauses to group the devices, then use the Identifier either as an authentication check item, or for separate Handlers.
regards
Hugh
> On 26 Jun 2015, at 07:34, Patrick, Robert (CONTR) <Robert.Patrick at hq.doe.gov> wrote:
>
> How best to restrict RADIUS and TACACS auth to a specific source device (NAS) for a specific user?
>
>
>
> What is the best method to allow all users access all the time from any source, except user X that is only to permitted access when authenticating from device Y?
>
>
>
> Customer is looking to permit the humans to login with 2-factor tokens from anywhere, and scripts with username/password to login from a specific source.
>
>
>
> Thanks!
>
>
>
> -Rob Patrick
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list