To add on this, also have all the common attributes in a single default entry: DEFAULT Service-Type = Framed-User Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Framed-Compression = None, Framed-MTU = 1500, Fall-Through = 1 User entries can then become one-liners, like in Kevin's example, and you don't even need those DEFAULT entries for realms. Ivan Kalik Kalik Informatika ISP Dana 8/11/2007, "Kevin Bonner" <keb@pa.net> piše:
On Thursday 08 November 2007 11:19:48 Lisa Casey wrote:
The way things are setup now, any user can log in with any of the realms I have defined. For example, I (username lisa) could login as lisa@jellico.com and then turn around and login as lisa@jellico.net My boss would like me to restrict this so that (for example) lisa could log in as lisa@jellico.com but not lisa@jellico.net
Just add a check item to the user entry and it will only allow them from that realm. Since you are using 1.1.6, don't use Auth-Type and start using Cleartext-Password with the := operator.
lisa Cleartext-Password := "xxxxxxx", Realm == "jellico.com" ...
Or if you want to reject from a specific realm, just use this before your real user entry: lisa Realm == "realmY", Auth-Type := Reject
Kevin Bonner