Restricting user by realm
tnt at kalik.co.yu
Thu Nov 8 20:56:35 CET 2007
To add on this, also have all the common attributes in a single default
entry:
DEFAULT Service-Type = Framed-User
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None,
        Framed-MTU = 1500,
        Fall-Through = 1
User entries can then become one-liners, like in Kevin's example, and
you don't even need those DEFAULT entries for realms.
Ivan Kalik
Kalik Informatika ISP
On 8/11/2007, "Kevin Bonner" <keb at pa.net> wrote:
>On Thursday 08 November 2007 11:19:48 Lisa Casey wrote:
>> The way things are setup now, any user can log in with any of the realms I
>> have defined. For example, I (username lisa) could login as
>> lisa at jellico.com and then turn around and login as lisa at jellico.net My
>> boss would like me to restrict this so that (for example) lisa could log in
>> as lisa at jellico.com but not lisa at jellico.net
>
>Just add a check item to the user entry and it will only allow them from that
>realm. Since you are using 1.1.6, don't use Auth-Type and start using
>Cleartext-Password with the := operator.
>
> lisa Cleartext-Password := "xxxxxxx", Realm == "jellico.com"
> ...
>
>Or if you want to reject from a specific realm, just use this before your real
>user entry:
> lisa Realm == "realmY", Auth-Type := Reject
>
>Kevin Bonner
>
>
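
The entry ordering this thread relies on, as an added example that is not part of the original messages and is not FreeRADIUS code: a simplified Python model of users-file lookup with a shared DEFAULT entry, a realm-pinned user and a per-realm reject. The user bob, the passwords and the authorize function are constructed for illustration, and the model assumes the realm module has already set Realm and stripped it from the user name.

```python
# Simplified model of FreeRADIUS "users" file matching (not FreeRADIUS code).
# Assumption: the realm module has already split "lisa@jellico.com" into
# the user name "lisa" and Realm = "jellico.com" before this lookup runs.

# Subset of the common reply attributes from the DEFAULT entry above.
COMMON = {"Service-Type": "Framed-User", "Framed-Protocol": "PPP",
          "Framed-MTU": "1500"}

# (name, check items, reply items) in file order. Passwords are constructed.
# The DEFAULT check is modelled as a comparison against the request.
USERS = [
    ("DEFAULT", [("Service-Type", "==", "Framed-User")],
     {**COMMON, "Fall-Through": "1"}),
    ("lisa", [("Cleartext-Password", ":=", "s3cret-example"),
              ("Realm", "==", "jellico.com")], {}),
    ("bob", [("Realm", "==", "realmY"), ("Auth-Type", ":=", "Reject")], {}),
    ("bob", [("Cleartext-Password", ":=", "bob-example")], {}),
]


def authorize(name, realm, password, users=USERS):
    """Return (accepted, reply_attributes) for one PAP Access-Request."""
    request = {"Service-Type": "Framed-User", "Realm": realm}
    control, reply = {}, {}
    for entry_name, checks, replies in users:
        if entry_name not in ("DEFAULT", name):
            continue
        # Every "==" item must equal the request value or the entry is skipped.
        if any(op == "==" and request.get(attr) != value
               for attr, op, value in checks):
            continue
        # ":=" items set control attributes such as the known-good password.
        control.update({a: v for a, op, v in checks if op == ":="})
        reply.update({a: v for a, v in replies.items() if a != "Fall-Through"})
        if replies.get("Fall-Through") not in ("1", "Yes"):
            break  # first match without Fall-Through ends the search
    if control.get("Auth-Type") == "Reject":
        return False, {}
    # With no matching user entry there is no known-good password: reject.
    ok = control.get("Cleartext-Password") == password and password is not None
    return ok, (reply if ok else {})
```

Moving the DEFAULT entry below the user entries makes lisa authenticate without the common reply attributes, because her one-line entry has no Fall-Through and ends the search.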