Re: "signup" account

Brian Moore (bem@cmc.net)
Sat, 5 Oct 1996 15:51:27 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dale E. Reed Jr.: "Re: PM-3 doesn't do BRI, solution."
Previous message: Roland H. Alden: ""signup" account"

> >From: Timothy Deem[SMTP:tdeem2@alpha.comsource.net]
> >Sent: Thursday, October 03, 1996 7:39 AM
> >
> > We are trying to create an account that cannot dial-in. We are
> >running
> >MERIT radius which is linked to the C2 security of our host. The
> >following were performed by our System Administrator:
> >
> I have a related question.
>
> I want to create an account which can only reach
> the HTTP server on the local LAN (same one the PM
> is on). I don't want this account to be able to
> access the internet (i.e., see the router). In fact,
> I'd prefer it not get DNS service so it could *really*
> only see the HTTP server and nothing else (the user
> would hit pages that only use IP addresses in their
> links). The application is sign-up for service.
> I.e., I want *anybody* to be able to dial in and
> fill out signup forms, using a special userid/password,
> but I don't want that account (which might likely
> appear in advertisements) to have any further
> useful privileges.

permit 0.0.0.0/0 your.www.server.ip/32 tcp dst eq 80

Put the 'signup' user in RADIUS with signup.ppp as the filter, and make the
above signup.ppp.in, and you're done.

Next message: Dale E. Reed Jr.: "Re: PM-3 doesn't do BRI, solution."
Previous message: Roland H. Alden: ""signup" account"