Restricting user by realm

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Nov 8 17:29:54 CET 2007


Hi,

> 
> DEFAULT Realm == jellico.net
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-Compression = None,
>         Framed-MTU = 1500,
>         Fall-Through = 1
> 
> DEFAULT Realm == jellico.com
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-Compression = None,
>         Framed-MTU = 1500,
>         Fall-Through = 1
> 
> Then a list of users follows. Here's one example:
> 
> lisa Auth-Type = Local, Password == xxxxxxx
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 255.255.255.254,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-Compression = None,
>         Framed-MTU = 1500,
>         Slipstream-Auth = "true"
> 
> The way things are setup now, any user can log in with any of the realms I have defined. For example, I (username lisa) could login as lisa at jellico.com and then turn around and login as lisa at jellico.net    My boss would like me to restrict this so that (for example) lisa could log in as lisa at jellico.com but not lisa at jellico.net
> 
> With my setup, can I do this easily (or at all)? If this is possible, please give me some idea of how to go about doing this.

use the realms as check items for example

lisa Realm == jellico.com Auth-Type := Local, Cleartext-Password := xxxxxxx
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500,
        Slipstream-Auth = "true"

lisa Realm == jellico.net Auth-Type := Reject, Cleartext-Password := xxxxxxx

alan



More information about the Freeradius-Users mailing list