Authenticate users from multiple realms on the same NAS

Alan DeKok aland at deployingradius.com
Sat Aug 12 05:11:43 CEST 2006


Scott Lambert <lambert at lambertfam.org> wrote:
> Would I be able to setup three mysql entries in the way that Alan
> suggested for the LDAP setup, but with a different query specified for
> each realm which includes the realm in the selection criteria of query?

  If the users are logging in with different realms (i.e. bob at foo,
bob at bar), then there's no problem.  It's easy to do, just key off of
the realms.

 If you have 3 users logging in as "bob", each with different
passwords, then it's hard.  Just putting different MySQL entries won't
work.

> I just don't know how the accounting will hold together with any
> solution.

  "Class".  Send a Class attribute back in the Access-Accept with some
kind of unique identifier for the user.  e.g. a numerical ID, or
something that uniquely identifies them.  The Class attribute will
come back in the accounting packets, and you can use that to tell
which user to bill.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list