Recently some of our staff underwent IP address changes. I think our moodle lms has an exclude built into the system somewhere as everyone who's IP remains the same can access the site and those who underwent ip changes can no longer sign-in (receiving forbidden information). When the log-in configuration was set-up I remember talking about limiting access to companies through ldap system. I've found the ldap settings but it does not mention exclusion. Does anyone know whether this exclusion would have been done in Apache or Moodle? I could not find anything in the config.php file.
Do they receive the Access Forbidden message after trying to log in? Or when trying to browse the site? Also is that the standars apache message or a Moodle error message?
It sounds like perhaps if it is related to IP then like Adam suggests you might want to look at Firewall rules and apache config files. Also have you got mod_security installed? Another thing is if you're using linux that the IP ranges could be blocked using iptables (I dont know about windows unfortunately).