Restricting user by realm
Kevin Bonner
keb at pa.net
Thu Nov 8 17:43:12 CET 2007
On Thursday 08 November 2007 11:19:48 Lisa Casey wrote:
> The way things are setup now, any user can log in with any of the realms I
> have defined. For example, I (username lisa) could login as
> lisa at jellico.com and then turn around and login as lisa at jellico.net My
> boss would like me to restrict this so that (for example) lisa could log in
> as lisa at jellico.com but not lisa at jellico.net
Just add a check item to the user entry and it will only allow them from that
realm. Since you are using 1.1.6, don't use Auth-Type and start using
Cleartext-Password with the := operator.
lisa Cleartext-Password := "xxxxxxx", Realm == "jellico.com"
...
Or if you want to reject from a specific realm, just use this before your real
user entry:
lisa Realm == "realmY", Auth-Type := Reject
Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071108/6054835a/attachment.pgp>
More information about the Freeradius-Users
mailing list