Restricting user by realm
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu Nov 8 17:29:54 CET 2007
Hi,
>
> DEFAULT Realm == jellico.net
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-Compression = None,
> Framed-MTU = 1500,
> Fall-Through = 1
>
> DEFAULT Realm == jellico.com
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-Compression = None,
> Framed-MTU = 1500,
> Fall-Through = 1
>
> Then a list of users follows. Here's one example:
>
> lisa Auth-Type = Local, Password == xxxxxxx
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-Compression = None,
> Framed-MTU = 1500,
> Slipstream-Auth = "true"
>
> The way things are setup now, any user can log in with any of the realms I have defined. For example, I (username lisa) could login as lisa at jellico.com and then turn around and login as lisa at jellico.net My boss would like me to restrict this so that (for example) lisa could log in as lisa at jellico.com but not lisa at jellico.net
>
> With my setup, can I do this easily (or at all)? If this is possible, please give me some idea of how to go about doing this.
use the realms as check items for example
lisa Realm == jellico.com Auth-Type := Local, Cleartext-Password := xxxxxxx
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500,
Slipstream-Auth = "true"
lisa Realm == jellico.net Auth-Type := Reject, Cleartext-Password := xxxxxxx
alan
More information about the Freeradius-Users
mailing list