Restricting user by realm

Lisa Casey lisa at jellico.com
Thu Nov 8 17:19:48 CET 2007


Hi,

I have Freeradius 1.1.6 running on FreeBSD. I authenticate users from a users file, not from a database. I have three default realms setup in the realms file and at the top of the users file like so:


DEFAULT Realm == jellico.net
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500,
        Fall-Through = 1

DEFAULT Realm == jellico.com
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500,
        Fall-Through = 1

Then a list of users follows. Here's one example:

lisa Auth-Type = Local, Password == xxxxxxx
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500,
        Slipstream-Auth = "true"

The way things are setup now, any user can log in with any of the realms I have defined. For example, I (username lisa) could login as lisa at jellico.com and then turn around and login as lisa at jellico.net    My boss would like me to restrict this so that (for example) lisa could log in as lisa at jellico.com but not lisa at jellico.net

With my setup, can I do this easily (or at all)? If this is possible, please give me some idea of how to go about doing this.

Thanks,

Lisa Casey
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071108/dd97fe5d/attachment.html>


More information about the Freeradius-Users mailing list