The Framed-Filter attribute in RADIUS tells your terminal server to look
for a filter file in its own configuration which is named the same thing
as the attribute value. Different terminal servers support different
levels of complexity when it comes to filtering, and have different
methods of implementation. You will need to check the documentation for
your NAS to find more about writing filters for your specific NAS.
The type of filtering you are talking about below is fairly complex -
you want to limit the things a person does over a TCP/IP connection, and
most NASes won't support that. What you can almost always do is limit
certain users to accessing certain IP addresses directly from their
machine. For example, you could define a filter that allows a user to
send and receive data with the IP address of your mail server, but
nothing else, therefore creating a mail-only filter.
The powerful thing about using the framed-filter attribute in
combination with a filter on your NAS is that you can have mail-only,
full access, and other account types all dialing into the same set of
lines, and it's their individual login which determines where their port
can connect to for the time they're logged into it.
IEA Software Support
> Hello Fellows again :)
> Thanks to Dale I have solved my problem with RRAS.
> Now I wanna know how to use Framed-Filters which
> was mentioned in RadAttribites table.
> Can we able to filter different ports on Terminal Server,
> such as some users wants only telnet or http or mail etc.
> Please reply soon
> For more information about this list, including removal, please
> see this URL: http://www.iea-software.com/maillist.html
For more information about this list, including removal, please
see this URL: http://www.iea-software.com/maillist.html