Restricting user by realm

tnt at kalik.co.yu
Thu Nov 8 20:56:35 CET 2007


To add to this, also have all the common attributes in a single default
entry:

DEFAULT   Service-Type = Framed-User
          Service-Type = Framed-User,
          Framed-Protocol = PPP,
          Framed-IP-Address = 255.255.255.254,
          Framed-IP-Netmask = 255.255.255.255,
          Framed-Routing = None,
          Framed-Compression = None,
          Framed-MTU = 1500,
          Fall-Through = 1

User entries can then become one-liners, like in Kevin's example, and
you don't even need those DEFAULT entries for realms.

Ivan Kalik
Kalik Informatika ISP

On 8/11/2007, "Kevin Bonner" <keb at pa.net> wrote:

>On Thursday 08 November 2007 11:19:48 Lisa Casey wrote:
>> The way things are set up now, any user can log in with any of the realms I
>> have defined. For example, I (username lisa) could login as
>> lisa at jellico.com and then turn around and login as lisa at jellico.net. My
>> boss would like me to restrict this so that (for example) lisa could log in
>> as lisa at jellico.com but not lisa at jellico.net
>
>Just add a check item to the user entry and it will only allow them from that 
>realm.  Since you are using 1.1.6, don't use Auth-Type and start using 
>Cleartext-Password with the := operator.
>
>  lisa Cleartext-Password := "xxxxxxx", Realm == "jellico.com"
>        ...
>
>Or if you want to reject from a specific realm, just use this before your real 
>user entry:
>  lisa Realm == "realmY", Auth-Type := Reject
>
>Kevin Bonner
>
>
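
The two suggestions in this thread combined, as an added illustration that is not part of either post and is not FreeRADIUS code: a simplified Python model of how the users file is walked, with a common DEFAULT entry that falls through and a one-line user entry that checks the realm. The entry list, the KNOWN_REALMS set and the function names are assumptions made for the example; the password is the placeholder from Kevin's post.

```python
# Simplified model of users-file matching (constructed example, not FreeRADIUS code).
USERS = [
    # (name, check items [(attr, op, value)], reply items, fall_through)
    ("DEFAULT", [], {"Service-Type": "Framed-User", "Framed-Protocol": "PPP"}, True),
    ("lisa", [("Cleartext-Password", ":=", "xxxxxxx"),
              ("Realm", "==", "jellico.com")], {}, False),
]
KNOWN_REALMS = {"jellico.com", "jellico.net"}  # assumed to be the defined realms


def split_realm(user_name):
    """Mimic a suffix realm lookup: user@realm -> (user, realm or None)."""
    user, sep, realm = user_name.rpartition("@")
    if sep and realm in KNOWN_REALMS:
        return user, realm
    return user_name, None


def authorize(user_name):
    """Collect config and reply items from every entry that matches."""
    user, realm = split_realm(user_name)
    request = {"User-Name": user, "Realm": realm}
    config, reply = {}, {}
    for name, checks, replies, fall_through in USERS:
        if name not in ("DEFAULT", user):
            continue
        # '==' compares against the request; ':=' always matches and sets a config item.
        if any(op == "==" and request.get(attr) != val for attr, op, val in checks):
            continue
        config.update({attr: val for attr, op, val in checks if op == ":="})
        reply.update(replies)
        if not fall_through:
            break
    return config, reply


def login(user_name, password):
    """Accept only when a matching entry supplied the known-good password."""
    config, reply = authorize(user_name)
    known = config.get("Cleartext-Password")
    if known is None or known != password:
        return "Access-Reject", {}
    return "Access-Accept", reply
```

A login from the other realm matches only DEFAULT, so no known-good password is ever set and the request is rejected without needing a per-realm DEFAULT entry.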



