How to reject when a user logs in without realm?
Navin
navin.kumar at freescale.com
Wed Jul 15 16:32:51 CEST 2009
Hi,
Hope you are referring to
realm freescale.com {
type = radius
authhost = LOCAL
accthost = LOCAL
present in the radiusd.conf file. removed it. Restarted the freeradius server.
The user file contains
navin at freescale.com Cleartext-Password := "navin123"
Even then when tested with radtest tool , the users "navin" &
"navin at freescale.com"
are both getting authenticated. I would prefer only
navin at freescale.com get authenticated
and user "navin" should get rejected.
have a nice day,
navin
At 07:37 PM 7/15/2009, you wrote:
> > I am new to radius . hence kindly excuse if my terminologies
> > are different from what is expected.
> >
> > I am using Freeradius Version 1.1.7.
> > Is it possible to reject when a request comes from the NAS server
> > with a user logging in without a realm as suffix?
> >
> > For example, if the FreeRadius server receives an authentication
> > request for the user navin , it has to reject. but if it receives
> > the request as navin at freescale.com it has to authenticate him.
> >
> > I tried the below options:
> >
> > I am not using the proxy request support.
> > Hence commenting proxy.conf file and setting proxy_requests = no
> > in the radiusd.conf file.
> >
> > Added the below in the radiusd.conf file with the intention that
> > users of realm freescale.com has to be authenticated and other users
> > should be rejected.
> >
> > realm freescale.com {
> > type = radius
> > authhost = LOCAL
> > accthost = LOCAL
> > }
>
>Remove that. Your user file entry will sort out who gets authenticated and
>who doesn't.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list