Using Realm as a check item

Alan DeKok aland at
Sat Dec 6 11:40:16 CET 2008

Lisa Casey wrote:
> I am attempting to use my Freeradius users file to  restrict certain
> users to a specific realm. In my users file, I have several default
> realms specified near the top as so:
> Next I have users entries as so:
> lisa Auth-Type = Local, Password == xxxxxxx

  This is wrong.  Do NOT set Auth-Type.  Change the "Password ==" text
to "Cleartext-Password :=".

> I would like to restrict lisa to only. So I modified lisa's
> entry in the users file like so:
> lisa Realm ==, Auth-Type = Local, Password == xxxxxxx

  Make the same changes here.

> It doesn't work. In my radius.log I get:
> Fri Dec  5 12:59:05 2008 : Auth: Login incorrect: [lisa/xxxxxxx] (from
> client port 1282 cli 423784xxxx)

  Stop looking at the radius.log file, and look at the debug output.

> Fri Dec  5 12:59:11 2008 : Auth: Login incorrect: [lisa/xxxxxx] (from
> client port 1282 cli 423784xxxx)
> I have tried leaving out Auth-Type, I've changed Password == to
> Cleartext-Password == but none of that helped.

  The FAQ clearly says to use "Cleartext-Password :=".  The "man" page
for the users file also explains the meaning of the operators.

> I can authenticate as
> lisa with no realm specified in the users file as a check item, buit as
> soon as I add that in, I can no longer authenticate. Any idea what I'm
> doing wrong or why this isn't working for me?

  Without the debug output, it's impossible to know.

  Alan DeKok.

More information about the Freeradius-Users mailing list