Allowing user from one realm but not another
Alan DeKok
aland at deployingradius.com
Sun Feb 14 08:42:57 CET 2010
Jeff A wrote:
> I have three different realms users can login with
>
> For examples they are (foo.net, bar.net, beg.net)
Are all users valid on all realms? If so, why?
> Say billy at foo.net <mailto:billy at foo.net> has abused the foo.net realm
> now I need him solely on the beg.net and disallowing the other two
> realms. In other words reject him before if he trys to use the old realm
> again. In other words I want to allow only billy to use this one new
> realm and be rejected if he trys another realm.
Then you need a rule specifically for that user.
> This has to take place I figure in preproxy, cause my users file is
> authenticated minus the realm in proxy..
You can still access the "Realm" attribute in the "users" file:
bob Realm != "foo.net", Auth-Type := Reject
Alan DeKok.
More information about the Freeradius-Users
mailing list