Using Realm as a check item

Lisa Casey lisa at jellico.com
Fri Dec 5 22:57:37 CET 2008


Hi,

I am attempting to use my Freeradius users file to  restrict certain users 
to a specific realm. In my users file, I have several default realms 
specified near the top as so:

DEFAULT Realm == realm1.com
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500,
        Fall-Through = 1

DEFAULT Realm == realm2.com
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500,
        Fall-Through = 1

Next I have users entries as so:

lisa Auth-Type = Local, Password == xxxxxxx
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500

susan Auth-Type = Local, Password == xxxxxxx
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500

I would like to restrict lisa to realm1.com only. So I modified lisa's entry 
in the users file like so:

lisa Realm == realm1.com, Auth-Type = Local, Password == xxxxxxx
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500

It doesn't work. In my radius.log I get:

Fri Dec  5 12:59:05 2008 : Auth: Login incorrect: [lisa/xxxxxxx] (from 
client rad03.globalpops.com port 1282 cli 423784xxxx)
Fri Dec  5 12:59:11 2008 : Auth: Login incorrect: [lisa/xxxxxx] (from client 
rad04.globalpops.com port 1282 cli 423784xxxx)

I have tried leaving out Auth-Type, I've changed Password == to 
Cleartext-Password == but none of that helped. I can authenticate as lisa 
with no realm specified in the users file as a check item, buit as soon as I 
add that in, I can no longer authenticate. Any idea what I'm doing wrong or 
why this isn't working for me?

Thanks,

Lisa




More information about the Freeradius-Users mailing list