Using Realm as a check item
Alan DeKok
aland at deployingradius.com
Sat Dec 6 11:40:16 CET 2008
Lisa Casey wrote:
> I am attempting to use my Freeradius users file to restrict certain
> users to a specific realm. In my users file, I have several default
> realms specified near the top as so:
...
> Next I have users entries as so:
>
> lisa Auth-Type = Local, Password == xxxxxxx
This is wrong. Do NOT set Auth-Type. Change the "Password ==" text
to "Cleartext-Password :=".
> I would like to restrict lisa to realm1.com only. So I modified lisa's
> entry in the users file like so:
>
> lisa Realm == realm1.com, Auth-Type = Local, Password == xxxxxxx
Make the same changes here.
> It doesn't work. In my radius.log I get:
>
> Fri Dec 5 12:59:05 2008 : Auth: Login incorrect: [lisa/xxxxxxx] (from
> client rad03.globalpops.com port 1282 cli 423784xxxx)
Stop looking at the radius.log file, and look at the debug output.
> Fri Dec 5 12:59:11 2008 : Auth: Login incorrect: [lisa/xxxxxx] (from
> client rad04.globalpops.com port 1282 cli 423784xxxx)
>
> I have tried leaving out Auth-Type, I've changed Password == to
> Cleartext-Password == but none of that helped.
The FAQ clearly says to use "Cleartext-Password :=". The "man" page
for the users file also explains the meaning of the operators.
> I can authenticate as
> lisa with no realm specified in the users file as a check item, buit as
> soon as I add that in, I can no longer authenticate. Any idea what I'm
> doing wrong or why this isn't working for me?
Without the debug output, it's impossible to know.
Alan DeKok.
More information about the Freeradius-Users
mailing list