From owner-freebsd-questions@FreeBSD.ORG Wed Oct 29 08:47:21 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 58ACB16A4CE for ; Wed, 29 Oct 2003 08:47:21 -0800 (PST) Received: from desktop-guardian.com (desktopguardian.plus.com [81.174.227.189]) by mx1.FreeBSD.org (Postfix) with SMTP id 0087843FD7 for ; Wed, 29 Oct 2003 08:47:19 -0800 (PST) (envelope-from simong@desktop-guardian.com) Received: (qmail 32715 invoked by uid 85); 29 Oct 2003 16:46:53 -0000 Received: from simong@desktop-guardian.com by dtg31.desktop-guardian.com by uid 82 with qmail-scanner-1.16 (clamscan: 0.60. spamassassin: 2.60. Clear:. Processed in 2.265989 secs); 29 Oct 2003 16:46:53 -0000 Received: from unknown (HELO dtg17) (81.174.227.186) by desktopguardian.plus.com with SMTP; 29 Oct 2003 16:46:50 -0000 Message-ID: <024a01c39e3c$28b65450$1100a8c0@dtg17> From: "Simon Gray" To: "kitsune" , "Xpression" References: <001d01c39d90$03412bc0$0801a8c0@bloodlust> <20031029102840.7d5233ff.kitsune@gmx.co.uk> Date: Wed, 29 Oct 2003 16:46:11 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 cc: FreeBSD-questions Subject: Re: Hi list... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Oct 2003 16:47:21 -0000 > > I'm running TACACS+ on a FreeBSD server to aaa and I was wondering > > if I can restrict the entrance to peoples until a time, I mean, I don't want > > to be able the connection to some address pools from 6:00 pm until 6am, for > > example...any clue ??? Do I need a script before authentication or what ??? > > Thanks...if someone knows if it can do it on the NAS ??? perfect...thanxxxxx could you not have a cron job which stops the process at a certain time, then starts it back up at another time? e.g. in '/etc/crontab' add the following *18***user_to_perform_action_such_as_root/path /to/tacacs/stop-script *6***user_to_perform_action_such_as_root/path/ to/tacacs/start-script replacing with tabs so it'll stop at 18 hours (6pm) and start at 6am > No clue what TACACS+ is, but if it involves the network you may want to look > into ipfw and then setting up a cron job. http://www.easynet.de/tacacs-faq/tacacs-faq-2.html What is TACACS, XTACACS, TACACS+, RADIUS? All of them are protocols which allow a network access server (NAS, for example a Cisco 2511 or a 5300) to offload the user administation to a central server. There are now three versions of an authentication protocol that people commonly refer to as "TACACS", which is as acronym for "Terminal Access Controller Access Control System" hope this helps Simon