Restricting user by realm
Lisa Casey
lisa at jellico.com
Thu Nov 8 17:19:48 CET 2007
Hi,
I have Freeradius 1.1.6 running on FreeBSD. I authenticate users from a users file, not from a database. I have three default realms setup in the realms file and at the top of the users file like so:
DEFAULT Realm == jellico.net
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500,
Fall-Through = 1
DEFAULT Realm == jellico.com
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500,
Fall-Through = 1
Then a list of users follows. Here's one example:
lisa Auth-Type = Local, Password == xxxxxxx
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500,
Slipstream-Auth = "true"
The way things are setup now, any user can log in with any of the realms I have defined. For example, I (username lisa) could login as lisa at jellico.com and then turn around and login as lisa at jellico.net My boss would like me to restrict this so that (for example) lisa could log in as lisa at jellico.com but not lisa at jellico.net
With my setup, can I do this easily (or at all)? If this is possible, please give me some idea of how to go about doing this.
Thanks,
Lisa Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071108/dd97fe5d/attachment.html>
More information about the Freeradius-Users
mailing list