sending cisco avpairs via radius to nas, restricting access to users

From: Dave (dave@hawk-systems.com)
Date: Thu Apr 25 2002 - 16:09:55 EDT


Users are authenticating against the xtradius/postgres database just beautifully.

I am working on adding some further customization for dialup users. In trying to limit
a few users to a specific server or network of servers, we are trying to send
inacl configurations. For the life of me I cannot get it to function so that a
user with these ACLs set is appropriately limited.

#From the external auth.pl script after authing user against database
print "Cisco-AVPair = \"ip:dns-servers=any host 192.168.1.2\"\n";
print "Cisco-AVPair = \"ip:inacl#1=permit tcp any host 192.168.1.0\"\n";
print "Cisco-AVPair = \"ip:inacl#2=deny tcp any any\"\n";
print "Cisco-AVPair = \"ip:inacl#3=permit ip any host 192.168.1.0\"\n";
print "Cisco-AVPair = \"ip:inacl#4=deny ip any any\"\n";
print "Cisco-AVPair = \"ip:inacl#5=permit icmp any any\"\n";

the desired end result being a user who can only access web, mail etc...
services on servers in the 192.168.1.0 class C network.

comments or corrections appreciated.

Dave
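The following is an added example, not Dave's auth.pl and not part of the original post. It builds the per-user ip:inacl Cisco-AVPair lines for a /24 with an IOS wildcard mask instead of the "host" keyword (which matches only the single address 192.168.1.0), and runs both the posted rule set and the rebuilt one through a small first-match evaluator that walks the list the way an IOS interface ACL does. The rule strings, hosts and the evaluator are all constructed for the example; the evaluator ignores port clauses because the posted rules carry none.

```python
import ipaddress

# Added example: per-user inbound ACL as Cisco-AVPair lines, plus a first-match
# evaluator that mimics IOS ACL walking. Ports are ignored (the posted rules
# have none). "host a.b.c.d" means wildcard 0.0.0.0, i.e. that one address only.

ALL = 0xFFFFFFFF


def build_inacl(network, allow_icmp_anywhere=False):
    """Rules that confine a user to `network` (CIDR string, e.g. 192.168.1.0/24).

    A wildcard mask (inverse netmask) is used instead of `host`, and the
    explicit deny is last: the ACL is first-match, so anything after a
    deny-all is never reached.
    """
    net = ipaddress.ip_network(network, strict=True)
    wc = net.hostmask  # 0.0.0.255 for a /24
    rules = [f"permit ip any {net.network_address} {wc}"]
    if allow_icmp_anywhere:
        rules.append("permit icmp any any")
    rules.append("deny ip any any")
    return rules


def to_avpairs(rules):
    """Format rules as the attribute lines an external auth script prints."""
    return [f'Cisco-AVPair = "ip:inacl#{n}={r}"' for n, r in enumerate(rules, 1)]


def _addr(tokens):
    """Parse one IOS address clause; return ((base, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, ALL), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.ip_address(tokens[1])), 0), tokens[2:]
    return (int(ipaddress.ip_address(tokens[0])),
            int(ipaddress.ip_address(tokens[1]))), tokens[2:]


def _match(clause, ip):
    base, wc = clause
    keep = ~wc & ALL  # wildcard 1-bits are "don't care"
    return (int(ipaddress.ip_address(ip)) & keep) == (base & keep)


def evaluate(rules, proto, src, dst):
    """Return (action, rule number) of the first matching rule; (deny, 0) if none."""
    for n, rule in enumerate(rules, 1):
        tokens = rule.split()
        action, rproto = tokens[0], tokens[1]
        rsrc, rest = _addr(tokens[2:])
        rdst, _ = _addr(rest)
        if rproto in ("ip", proto) and _match(rsrc, src) and _match(rdst, dst):
            return action, n
    return "deny", 0


# The rule set from the post, transcribed without the AVPair wrapper.
POSTED_RULES = [
    "permit tcp any host 192.168.1.0",
    "deny tcp any any",
    "permit ip any host 192.168.1.0",
    "deny ip any any",
    "permit icmp any any",
]


def check_posted():
    """Constructed test traffic from a dialup peer at 10.0.0.5 (assumed address)."""
    return {
        "tcp to 192.168.1.10": evaluate(POSTED_RULES, "tcp", "10.0.0.5", "192.168.1.10"),
        "icmp to 192.168.1.10": evaluate(POSTED_RULES, "icmp", "10.0.0.5", "192.168.1.10"),
        "tcp to 192.168.1.0": evaluate(POSTED_RULES, "tcp", "10.0.0.5", "192.168.1.0"),
    }


def check_fixed():
    rules = build_inacl("192.168.1.0/24")
    return {
        "tcp to 192.168.1.10": evaluate(rules, "tcp", "10.0.0.5", "192.168.1.10"),
        "tcp to 192.168.2.10": evaluate(rules, "tcp", "10.0.0.5", "192.168.2.10"),
    }


if __name__ == "__main__":
    for line in to_avpairs(build_inacl("192.168.1.0/24")):
        print(line)
    print("posted:", check_posted())
    print("fixed: ", check_fixed())
```

Walking the posted list shows the two problems: TCP to any server other than 192.168.1.0 itself falls through rule 1 (the `host` clause) and is killed by rule 2, and the ICMP permit at the end sits behind `deny ip any any`, so it is dead. Separately, `ip:dns-servers` takes one or two addresses (`ip:dns-servers=192.168.1.2`), not an ACL-style clause. If the corrected lines still have no effect, the usual NAS-side checks are that network authorization is taken from RADIUS (`aaa authorization network ... group radius`), that the NAS is told to process vendor-specific attributes (`radius-server vsa send authentication`), and that `debug radius` on the router shows the Cisco-AVPair attributes actually arriving in the Access-Accept.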



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:11:55 EDT