Allowing user from one realm but not another
Jeff A
jeffa at globalco.net
Sun Feb 14 12:18:14 CET 2010
Because I was never sure how to keep em off the other realm.
They should all be stuck on realm I put em on
-----Original Message-----
From: freeradius-users-bounces+jeffa=globalco.net at lists.freeradius.org
[mailto:freeradius-users-bounces+jeffa=globalco.net at lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: Sunday, February 14, 2010 2:43 AM
To: FreeRadius users mailing list
Subject: Re: Allowing user from one realm but not another
Jeff A wrote:
> I have three different realms users can login with
>
> For examples they are (foo.net, bar.net, beg.net)
Are all users valid on all realms? If so, why?
> Say billy at foo.net <mailto:billy at foo.net> has abused the foo.net realm
> now I need him solely on the beg.net and disallowing the other two
> realms. In other words reject him before if he trys to use the old realm
> again. In other words I want to allow only billy to use this one new
> realm and be rejected if he trys another realm.
Then you need a rule specifically for that user.
> This has to take place I figure in preproxy, cause my users file is
> authenticated minus the realm in proxy..
You can still access the "Realm" attribute in the "users" file:
bob Realm != "foo.net", Auth-Type := Reject
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list